#VU42865 Code Injection in phpMyAdmin - CVE-2013-3239


Updated: 2020-08-11

Vulnerability identifier: #VU42865

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2013-3239

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
phpMyAdmin
Web applications / Remote management & hosting panels

Vendor: phpMyAdmin

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.

Mitigation
Install the update from the vendor's website.
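
The following is an added example, not phpMyAdmin's fix and not code from this advisory: a Python check that flags export filenames containing a PHP-handled extension in any position, which is how Apache's mod_mime can treat a `.php.sql` file as PHP when the handler is mapped with `AddHandler` or `AddType`. The extension set, function names and sample filenames are assumptions constructed for illustration.

```python
"""Audit export filenames for extensions the web server would execute."""

# Assumption: extensions mapped to the PHP handler on this server (site-specific).
PHP_EXTENSIONS = frozenset({"php", "php3", "php4", "php5", "phtml", "phar"})


def handler_extensions(filename, handled=PHP_EXTENSIONS):
    """Return every extension in `filename` that maps to a handler.

    mod_mime treats each dot-separated component after the base name as an
    extension, so the check must look at all of them, not only the last one.
    """
    # Reduce to the final path component, accepting either separator.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    components = name.split(".")[1:]  # everything after the first dot
    return [c.lower() for c in components if c.lower() in handled]


def is_safe_export_name(filename):
    """True when no component of the name would select the PHP handler."""
    return not handler_extensions(filename)


def audit(filenames):
    """Return the subset of names that should be rejected or quarantined."""
    return [f for f in filenames if not is_safe_export_name(f)]


# Constructed sample listing of a SaveDir-style export directory.
SAMPLE = [
    "backup_2013-04-01.sql",
    "db.php.sql",          # double extension named in the advisory
    "report.PHP.sql.gz",   # case variation, extension not last
    "notes.phpx.sql",      # not a handled extension
    "shop.sql.zip",
]

if __name__ == "__main__":
    for flagged in audit(SAMPLE):
        print("unsafe export name:", flagged, handler_extensions(flagged))
```

The same function can be used to validate a requested export filename before writing it, or to sweep an existing export directory for files that predate the update.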

Vulnerable software versions

phpMyAdmin: 3.5.0.0 - 3.5.8, 4.0.0


External links
https://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html
https://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html
https://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html
https://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html
https://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html
https://www.mandriva.com/security/advisories?name=MDVSA-2013:160
https://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php
https://github.com/phpmyadmin/phpmyadmin/commit/1f6bc0b707002e26cab216b9e57b4d5de764de48
https://github.com/phpmyadmin/phpmyadmin/commit/d3fafdfba0807068196655e9b6d16c5d1d3ccf8a
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
