Vulnerability CVE-2013-3239

Vulnerability Name:

CVE-2013-3239 (CCN-83793)

Assigned:

2013-04-24

Published:

2013-04-24

Updated:

2013-11-19

Summary:

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.

CVSS v3 Severity:

4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-94

Vulnerability Consequences:

Gain Privileges

References:

Source: BUGTRAQ
Type: UNKNOWN
20130424 [waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin

Source: MITRE
Type: CNA
CVE-2013-3239

Source: FEDORA
Type: UNKNOWN
FEDORA-2013-7000

Source: FEDORA
Type: UNKNOWN
FEDORA-2013-6977

Source: FEDORA
Type: UNKNOWN
FEDORA-2013-6928

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:1065

Source: CCN
Type: Full-disclosure Mailing List, Wed, 24 Apr 2013 13:41:16 -0700 (PDT)
Multiple Vulnerabilities in phpMyAdmin

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2013:160

Source: CCN
Type: phpMyAdmin Web Site
phpMyAdmin

Source: CCN
Type: PMASA-2013-3
Locally Saved SQL Dump File Multiple File Extension Remote Code Execution

Source: CONFIRM
Type: Vendor Advisory
http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php

Source: CCN
Type: BID-59465
phpMyAdmin 'filename_template' Remote Code Execution Vulnerability

Source: XF
Type: UNKNOWN
phpmyadmin-cve20133239-code-exec(83793)

Source: CONFIRM
Type: Exploit, Patch
https://github.com/phpmyadmin/phpmyadmin/commit/1f6bc0b707002e26cab216b9e57b4d5de764de48

Source: CONFIRM
Type: UNKNOWN
https://github.com/phpmyadmin/phpmyadmin/commit/d3fafdfba0807068196655e9b6d16c5d1d3ccf8a

Source: CONFIRM
Type: UNKNOWN
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-3239

Vulnerable Configuration:

Configuration 1:

cpe:/a:phpmyadmin:phpmyadmin:3.5.0.0:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.5.1.0:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.5.2.0:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.5.2.1:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.5.2.2:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.5.3.0:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.5.4:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.5.5:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.5.6:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.5.7:*:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.5.7:rc1:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:3.5.8:rc1:*:*:*:*:*:*

OR cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:phpmyadmin:phpmyadmin:3.5.2.1:*:*:*:*:*:*:*