CVE-2013-5003

phpMyAdmin <3.5.8.2, <4.0.4.2 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/61923

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/59832

Vendor Advisory x_refsource_confirm

http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php

Scores

EPSS 0.0037

EPSS Percentile 59.2%

Details

CWE

CWE-89

Status published

Products (18)

phpmyadmin/phpmyadmin 3.5.0.0

phpmyadmin/phpmyadmin 3.5.1.0

phpmyadmin/phpmyadmin 3.5.2.0

phpmyadmin/phpmyadmin 3.5.2.1

phpmyadmin/phpmyadmin 3.5.2.2

phpmyadmin/phpmyadmin 3.5.3.0

phpmyadmin/phpmyadmin 3.5.4

phpmyadmin/phpmyadmin 3.5.5

phpmyadmin/phpmyadmin 3.5.6

phpmyadmin/phpmyadmin 3.5.7 (2 CPE variants)

... and 8 more

Published Jul 31, 2013

Tracked Since Feb 18, 2026