4.3

CVE-2013-5029

Exploit
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
PhpmyadminPhpmyadmin Version3.5.0.0
PhpmyadminPhpmyadmin Version3.5.1.0
PhpmyadminPhpmyadmin Version3.5.2.0
PhpmyadminPhpmyadmin Version3.5.2.1
PhpmyadminPhpmyadmin Version3.5.2.2
PhpmyadminPhpmyadmin Version3.5.3.0
PhpmyadminPhpmyadmin Version3.5.4
PhpmyadminPhpmyadmin Version3.5.5
PhpmyadminPhpmyadmin Version3.5.6
PhpmyadminPhpmyadmin Version3.5.7
PhpmyadminPhpmyadmin Version3.5.7 Updaterc1
PhpmyadminPhpmyadmin Version3.5.8
PhpmyadminPhpmyadmin Version3.5.8 Updaterc1
PhpmyadminPhpmyadmin Version3.5.8.1
PhpmyadminPhpmyadmin Version3.5.8.2
PhpmyadminPhpmyadmin Version4.0.0
PhpmyadminPhpmyadmin Version4.0.0 Updaterc2
PhpmyadminPhpmyadmin Version4.0.0 Updaterc3
PhpmyadminPhpmyadmin Version4.0.1
PhpmyadminPhpmyadmin Version4.0.2
PhpmyadminPhpmyadmin Version4.0.3
PhpmyadminPhpmyadmin Version4.0.4
PhpmyadminPhpmyadmin Version4.0.4.1
PhpmyadminPhpmyadmin Version4.0.4.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.28% 0.808
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00013.html
http://secunia.com/advisories/54488
Vendor Advisory
http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php
Vendor Advisory
https://github.com/phpmyadmin/phpmyadmin/commit/240b8332db53dedc27baeec5306dabad3bdece3b
Patch
Exploit
https://github.com/phpmyadmin/phpmyadmin/commit/24d0eb55203b029f250c77d63f2900ffbe099e8b
Patch
Exploit
https://github.com/phpmyadmin/phpmyadmin/commit/66fe475d4f51b1761719cb0cab360748800373f7
Patch
https://github.com/phpmyadmin/phpmyadmin/commit/da4042fb6c4365dc8187765c3bf525043687c66f
Patch
Exploit