CVE-2013-3240

phpMyAdmin <4.0.0-rc3 - Path Traversal


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3240.

AI-analyzed exploit summary: This is a detailed technical analysis of multiple vulnerabilities in phpMyAdmin, including remote code execution via preg_replace() and local file inclusion in export.php. It provides root cause analysis, affected code snippets, and step-by-step exploitation details.

Description

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.

Exploits (1)

exploitdb WRITEUP
webapps / php
https://www.exploit-db.com/exploits/25003

Classification: Writeup 100%
Attack Type: RCE | LPE | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: phpMyAdmin 3.5.8 and 4.0.0-RC2
Auth required
Prerequisites: Valid phpMyAdmin user credentials · PHP version < 5.4.7 for preg_replace() exploit · PHP version < 5.3.4 for null-byte attacks
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html

Scores

EPSS 0.0549
EPSS Percentile 91.7%

Details

CWE: CWE-22
Status: published
Products (1): phpmyadmin/phpmyadmin 4.0.0 rc2
Published: Apr 26, 2013
Tracked Since: Feb 18, 2026