Lucene search
RootSSV:60872HistoryJul 10, 2013 - 12:00 a.m.
phpMyAdmin <= 4.0.4.1 import.php GLOBALS变量注入漏洞
2013-07-1000:00:00
Root
www.seebug.org
21
EPSS
0.001
Percentile
50.9%
CVE(CAN) ID: CVE-2013-4729
phpmyadmin是MySQL数据库的在线管理工具,主要功能包括在线创建数据表、运行SQL语句、搜索查询数据以及导入导出数据等。
phpMyAdmin 4.0.4.1之前版本内的import.php没有正确限制文件格式定义数据输入权限,可使经过身份验证的远程用户修改GLOBALS超级全局数组,然后通过特制的请求更改配置。
0
phpMyAdmin <= 4.0.4.1
厂商补丁:
phpMyAdmin
phpMyAdmin已经为此发布了一个安全公告(PMASA-2013-7)以及相应补丁:
PMASA-2013-7:PMASA-2013-7
链接:http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php
补丁下载:https://github.com/phpmyadmin/phpmyadmin/commit/012464268420e53a9cd81cbb4a43988d70393c36
Related
cve
cve
CVE-2013-4729
2013-07-04 14:33:41
freebsd
freebsd
phpMyAdmin -- Global variable scope injection
2013-06-30 00:00:00
ubuntucve
ubuntucve
CVE-2013-4729
2013-07-04 00:00:00
nessus
nessus
openvas
openvas
phpmyadmin
phpmyadmin
Global variable scope injection.
2013-06-30 00:00:00
osv
osv
phpMyAdmin Global variables scope injection vulnerability
2022-05-17 05:07:49
phpMyAdmin-4.6.5.2-1.1 on GA media
2024-06-15 00:00:00
prion
prion
Design/Logic Flaw
2013-07-04 14:33:00
github
github
phpMyAdmin Global variables scope injection vulnerability
2022-05-17 05:07:49
debiancve
debiancve
CVE-2013-4729
2013-07-04 14:33:41
nvd
nvd
CVE-2013-4729
2013-07-04 14:33:41
cvelist
cvelist
CVE-2013-4729
2013-07-04 10:00:00