CVE-2013-5001
Gentoo Linux Security Advisory 201311-02
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.
Vulnerabilidad XSS enlibraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php en phpMyAdmin 4.0.x anterior a 4.0.4.2, permite a usuarios autenticados remotamente inyectar secuencias web o HTML arbitrarias a través de un nombre de objeto modificado asociado a un enlace TextLinkTransformationPlugin.
Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks. Versions less than 4.0.5 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-07-29 CVE Reserved
- 2013-07-30 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php | 2013-07-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phpmyadmin Search vendor "Phpmyadmin" | Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin" | 4.0.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.0" | - |
Affected
| ||||||
| Phpmyadmin Search vendor "Phpmyadmin" | Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin" | 4.0.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.0" | rc2 |
Affected
| ||||||
| Phpmyadmin Search vendor "Phpmyadmin" | Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin" | 4.0.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.0" | rc3 |
Affected
| ||||||
| Phpmyadmin Search vendor "Phpmyadmin" | Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin" | 4.0.1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.1" | - |
Affected
| ||||||
| Phpmyadmin Search vendor "Phpmyadmin" | Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin" | 4.0.2 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.2" | - |
Affected
| ||||||
| Phpmyadmin Search vendor "Phpmyadmin" | Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin" | 4.0.3 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.3" | - |
Affected
| ||||||
| Phpmyadmin Search vendor "Phpmyadmin" | Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin" | 4.0.4 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.4" | - |
Affected
| ||||||
| Phpmyadmin Search vendor "Phpmyadmin" | Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin" | 4.0.4.1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.0.4.1" | - |
Affected
| ||||||