CVE-2013-3239

phpMyAdmin <3.5.8 and <4.0.0-rc3 - Authenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3239.

AI-analyzed exploit summary: This is a detailed technical analysis of multiple vulnerabilities in phpMyAdmin, including remote code execution via preg_replace() and file extension manipulation. It provides root cause analysis, affected code snippets, and step-by-step exploitation details.

Description

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.

Exploits (1)

exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/25003


Classification: Writeup 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: phpMyAdmin 3.5.8 and 4.0.0-RC2
Auth required
Prerequisites: Valid phpMyAdmin user credentials · PHP version < 5.4.7 for preg_replace() exploit · Apache webserver with unknown MIME for 'sql' extension for file extension exploit
devstral-2 · analyzed Feb 19, 2026

References (10)

Core References
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:160
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html

Scores

EPSS 0.1233
EPSS Percentile 94.1%

Details

CWE: CWE-94
Status: published
Products (13)
phpmyadmin/phpmyadmin 3.5.0.0
phpmyadmin/phpmyadmin 3.5.1.0
phpmyadmin/phpmyadmin 3.5.2.0
phpmyadmin/phpmyadmin 3.5.2.1
phpmyadmin/phpmyadmin 3.5.2.2
phpmyadmin/phpmyadmin 3.5.3.0
phpmyadmin/phpmyadmin 3.5.4
phpmyadmin/phpmyadmin 3.5.5
phpmyadmin/phpmyadmin 3.5.6
phpmyadmin/phpmyadmin 3.5.7 (2 CPE variants)
... and 3 more
Published Apr 26, 2013
Tracked Since Feb 18, 2026