CVE-2013-3238
CVE-2013-3238, security advisory, novell, suse linux, suse, security, cve

CVE-2013-3238

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-3238 at MITRE

Description

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.00
Vector AV:N/AC:M/Au:S/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication Single
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 824301 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • phpMyAdmin >= 3.5.8.1-1.4.1
Patchnames:
openSUSE-2013-524