// For flags

CVE-2013-4729

 

Severity Score

5.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.

import.php en phpMyAdmin v4.x anterior a v4.0.4.1 no restringe correctamente la capacidad de la entrada de datos a un formato de fichero específico, lo que permite a usuarios remotamente autenticados modificar el array global GLOBALS, y consecuentemente a través de peticiones malformadas.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-06-29 CVE Reserved
  • 2013-07-04 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Phpmyadmin
Search vendor "Phpmyadmin"
Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
4.0.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.0"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
4.0.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.0"
rc2
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
4.0.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.0"
rc3
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
4.0.1
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.1"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
4.0.2
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.2"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
4.0.3
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.3"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
4.0.4
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.4"
-
Affected