logo

Database

Inappropriate coding practices In phpmyadmin/phpmyadmin

Description

phpMyAdmin Global variables scope injection vulnerability import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2013-47292. NVD-2013-47293. OSV-2013-47294. OSV-DEBIAN-2013-47295. GCVE-2013-47296. SECURITY-TRACKER-CVE-2013-4729

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/012464268420e53a9cd81cbb4a43988d70393c362. http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.