Descriptionimport.php in phpMyAdmin 4.x before 220.127.116.11 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA phpMyAdmin-18.104.22.168-1.1
SUSE Timeline for this CVECVE page created: Thu Jul 4 17:15:37 2013
CVE page last modified: Fri Oct 7 12:46:35 2022