Bugzilla – Bug 824305
VUL-0: phpMyAdmin: CVE-2013-3241: Global variables overwrite in "export.php".
Last modified: 2013-06-12 16:29:07 UTC
Public via PMASA-2013-5.
http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php

PMASA-2013-5
------------

Announcement-ID: PMASA-2013-5
Date: 2013-04-24

Summary:
Global variables overwrite in "export.php".

Description:
The export script generates global variables from those present in the $_POST superglobal. This may lead to other exploits in the export script.

Severity:
We consider this vulnerability to be serious.

Mitigation factor:
This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users to access the required form.

Affected Versions:
phpMyAdmin versions 4.x (prior to 4.0.0-rc3).

Solution:
Upgrade to phpMyAdmin 4.0.0-rc3 or newer.

References:
Thanks to Janek Vind for reporting this issue.

Assigned CVE ids: CVE-2013-3241
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3241

CWE ids: CWE-661
http://cwe.mitre.org/data/definitions/661.html
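
The bug class named in the advisory's description, as an added PHP example that is not phpMyAdmin's code and not part of the original report: a script that turns every `$_POST` key into a global, next to an allowlist form that copies only expected, validated fields into a local array. The names `export_format`, `is_admin` and both functions are hypothetical, and the `$_POST` contents are constructed.

```php
<?php
// Constructed request body: one expected export field plus one field named
// after a variable the script uses internally (both names are hypothetical).
$_POST = ['export_format' => 'sql', 'is_admin' => '1'];

/** Vulnerable pattern: every POST key becomes a global variable. */
function import_all_post_as_globals(): void
{
    foreach ($_POST as $name => $value) {
        $GLOBALS[$name] = $value; // request data can replace internal state
    }
}

/**
 * Hardened pattern: copy only allowlisted keys, each checked by its own
 * validator, into a local array instead of the global scope.
 */
function import_allowed_post(array $allowed): array
{
    $params = [];
    foreach ($allowed as $name => $validator) {
        $value = $_POST[$name] ?? null;
        if (is_string($value) && $validator($value)) {
            $params[$name] = $value;
        }
    }
    return $params;
}

// Vulnerable flow: internal state is set first, then overwritten from POST.
$is_admin = false;
import_all_post_as_globals();
echo 'after global import, is_admin = ';
var_dump($is_admin);

// Hardened flow: the unexpected key is ignored and internal state is kept.
$is_admin = false;
$allowed = [
    'export_format' => fn(string $v): bool => in_array($v, ['sql', 'csv', 'xml'], true),
];
$params = import_allowed_post($allowed);
echo 'after allowlisted import, is_admin = ';
var_dump($is_admin);
echo 'accepted parameters: ';
var_dump($params);
```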
bugbot adjusting priority
fixed with update to 4.0.3