CVE-2013-3239
Published: 26 April 2013
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
Notes
Author | Note |
---|---|
jdstrand | per Debian, requires non-default option saveDir to be enabled, an authenticated untrusted user and Apache mod_mime |
Priority
Status
Package | Release | Status |
---|---|---|
phpmyadmin | hardy | Ignored (end of life) |
phpmyadmin | lucid | Ignored (end of life) |
phpmyadmin | oneiric | Ignored (end of life) |
phpmyadmin | precise | Ignored (end of life) |
phpmyadmin | quantal | Ignored (end of life) |
phpmyadmin | raring | Not vulnerable |
phpmyadmin | saucy | Not vulnerable (4:3.5.8.1-1) |
phpmyadmin | trusty | Not vulnerable (4:3.5.8.1-1) |
phpmyadmin | upstream | Released (4:3.4.11.1-2) |
phpmyadmin | utopic | Not vulnerable (4:3.5.8.1-1) |
phpmyadmin | vivid | Not vulnerable (4:3.5.8.1-1) |
phpmyadmin | wily | Not vulnerable (4:3.5.8.1-1) |
phpmyadmin | xenial | Not vulnerable (4:3.5.8.1-1) |
phpmyadmin | yakkety | Not vulnerable (4:3.5.8.1-1) |
phpmyadmin | zesty | Not vulnerable (4:3.5.8.1-1) |