Bugzilla – Bug 824304
VUL-0: phpMyAdmin: CVE-2013-3240: Local file inclusion vulnerability.
Last modified: 2013-06-12 16:28:51 UTC
Public via PMASA-2013-4:
http://www.phpmyadmin.net/home_page/security/PMASA-2013-4.php

PMASA-2013-4
------------

Announcement-ID: PMASA-2013-4
Date: 2013-04-24

Summary:
Local file inclusion vulnerability.

Description:
In the Export feature, a parameter specifying the export type was not correctly validated, opening the door to a local file inclusion attack.

Severity:
We consider this vulnerability to be serious.

Mitigation factor:
This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users to access the required form.

Affected Versions:
phpMyAdmin versions 4.x (prior to 4.0.0-rc3).

Solution:
Upgrade to phpMyAdmin 4.0.0-rc3 or newer.

References:
Thanks to Janek Vind for reporting this issue.

Assigned CVE ids:
CVE-2013-3240
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3240

CWE ids:
CWE-661 CWE-98
http://cwe.mitre.org/data/definitions/661.html
http://cwe.mitre.org/data/definitions/98.html
bugbot adjusting priority
fixed with update to 4.0.3
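
Added example (not part of the bug report and not phpMyAdmin code): the advisory's affected range, "4.x (prior to 4.0.0-rc3)", turned into an inventory check that orders pre-release tags correctly and flags version strings it cannot parse instead of treating them as safe. The host names, the sample version strings and the alpha/beta/rc tag scheme are assumptions; the check covers this advisory's range only.

```python
import re

# Boundary from the advisory: 4.x releases before 4.0.0-rc3 are affected.
FIRST_FIXED = "4.0.0-rc3"

# Pre-release stages sort before the final release of the same number.
_STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL_RANK = 3
_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?"
)


def parse_version(text):
    """Return a sortable tuple for strings such as '4.0.0-rc2' or '3.5.8.1'."""
    match = _VERSION_RE.fullmatch(text.strip().lower())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part or 0) for part in match.group(1, 2, 3, 4))
    if match.group(5):
        stage = (_STAGE_RANK[match.group(5)], int(match.group(6)))
    else:
        stage = (_FINAL_RANK, 0)
    return numbers + stage


def is_affected(version):
    """True when the version is in the range the advisory lists as affected."""
    parsed = parse_version(version)
    return parsed[0] == 4 and parsed < parse_version(FIRST_FIXED)


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'review' (unparseable)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "review"  # never silently treat unknown as safe
    return result


if __name__ == "__main__":
    # Constructed inventory; host names and versions are sample values.
    sample = {"db-admin-1": "4.0.0-rc2", "db-admin-2": "4.0.3",
              "db-admin-3": "3.5.8.1", "db-admin-4": "4.0.0-dev"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```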