CVE-2013-3238 – phpMyAdmin - 'preg_replace' (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-3238
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. phpMyAdmin v3.5.x antes de v3.5.8 y v4.x antes de v4.0.0-RC3 permite a usuarios remotos autenticados ejecutar código arbitrario a través de una secuencia /e\x00, que no se utilizan con cuidado antes de hacer una llamada a la función preg_replace en el "Replace table prefix". phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities. • https://www.exploit-db.com/exploits/25136 https://www.exploit-db.com/exploits/25003 http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html http://www.exploit-db.com/exploits/25136 http •
CVE-2013-3241 – phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3241
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request. export.php (también conocido como script de exportación) en phpMyAdmin v4.x antes de v4.0.0-RC3 sobrescribe las variables globales sobre la base del contenido de la matriz superglobal POST, lo que permite a usuarios remotos autenticados inyectar valores a través de una solicitud manipulada. phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities. • https://www.exploit-db.com/exploits/25003 http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php •
CVE-2013-3239 – phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3239
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename. phpMyAdmin v3.5.x antes de v3.5.8 y v4.x antes de v4.0.0-RC3, cuando se configura un directorio SaveDir, permite a los usuarios remotos autenticados ejecutar código arbitrario mediante una doble extensión del nombre de archivo de un archivo de exportación, lo que lleva a la interpretación de este archivo como un archivo ejecutable por el Apache HTTP Server, como se demuestra por un nombre de archivo .php.sql phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities. • https://www.exploit-db.com/exploits/25003 http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:160 http://www.phpmyadmin.net/h • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-1937 – phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1937
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable. ** EN DISPUTA ** Múltiples vulnerabilidades Cross-Site Scripting (XSS) en tbl_gis_visualization.php en phpMyAdmin, en versiones 3.5.x anteriores a la 3.5.8, permiten que atacantes remotos inyecten scripts web o HTML arbitrarios mediante los parámetros (1) visualizationSettings[width] o (2) visualizationSettings[height]. NOTA: un tercero reporta que esto "no puede explotarse". • https://www.exploit-db.com/exploits/38440 http://archives.neohapsis.com/archives/fulldisclosure/2013-04/0101.html http://immunityservices.blogspot.com/2019/02/cvss.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103184.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103188.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103195.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html http://openwall.com/lists/oss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-5469 – Portable phpMyAdmin <= 1.3.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2012-5469
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. El complemento phpMyAdmin Portable antes de v1.3.1 para WordPress permite a atacantes remotos evitar la autenticación y obtener acceso a la consola de phpMyAdmin a través de una solicitud directa al wp-content/plugins/portable-phpmyadmin/wp-pma-mod. The Portable phpMyAdmin plugin before 1.3.0 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. WordPress portable-phpMyAdmin plugin version 1.3.0 fails to validate the existing session allowing a user to navigate directly to the interface. • https://www.exploit-db.com/exploits/23356 http://archives.neohapsis.com/archives/bugtraq/2012-12/0092.html http://wordpress.org/extend/plugins/portable-phpmyadmin/changelog • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •