Input validation error in Opensuse and phpMyAdmin - CVE-2013-5029
Published: August 20, 2013 / Updated: August 10, 2020
Vulnerability identifier: #VU42654
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-5029
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: SUSE
phpMyAdmin
phpMyAdmin
Affected software:
Opensuse
phpMyAdmin
Opensuse
phpMyAdmin
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
How to mitigate CVE-2013-5029
Install update from vendor's website.
Sources
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00013.html
- http://secunia.com/advisories/54488
- http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php
- https://github.com/phpmyadmin/phpmyadmin/commit/240b8332db53dedc27baeec5306dabad3bdece3b
- https://github.com/phpmyadmin/phpmyadmin/commit/24d0eb55203b029f250c77d63f2900ffbe099e8b
- https://github.com/phpmyadmin/phpmyadmin/commit/66fe475d4f51b1761719cb0cab360748800373f7
- https://github.com/phpmyadmin/phpmyadmin/commit/da4042fb6c4365dc8187765c3bf525043687c66f