Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-3239

EPSS 12.33% · P94
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2013-3239

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
phpMyAdmin ‘filename_template’远程代码执行漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
phpMyAdmin是phpMyAdmin团队开发的一套免费的、基于Web的MySQL数据库管理工具。该工具能够创建和删除数据库,创建、删除、修改数据库表,执行SQL脚本命令等。 phpMyAdmin 3.5.8之前的3.5.x版本和4.0.0-rc3之前的4.x版本中存在漏洞。当配置SaveDir后,经过身份验证的远程攻击者可通过在导出文件后缀名后再加一后缀名,利用该漏洞执行任意代码,导致Apache HTTP服务器认为该文件可执行。例如:.php.sql的文件后缀名。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2013-3239

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2013-3239

Please Login to view more intelligence information

Same Patch Batch · n/a · 2013-04-26 · 10 CVEs total

CVE-2013-1428tinc ‘receive_tcppacket’函数栈缓冲区溢出漏洞
CVE-2012-5220HP Data Protector 未明安全漏洞
CVE-2013-0727Global Mapper 不安全库加载漏洞
CVE-2013-2306jigbrowser+ for Android 地址栏欺骗漏洞
CVE-2013-2307Yahoo! Browser for Android 地址栏欺骗漏洞
CVE-2013-2709WordPress 插件 跨站请求伪造漏洞
CVE-2013-3238phpMyAdmin 多个任意PHP代码执行漏洞
CVE-2013-3240phpMyAdmin ‘what’参数本地文件包含漏洞
CVE-2013-3241phpMyAdmin ‘$GLOBALS’数组未授权访问漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2013-3239

No comments yet

Leave a comment