Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-5003)

Description

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.

Remediation

References

Related Vulnerabilities

WordPress Plugin VideoWhisper Video Conference Integration Arbitrary File Upload (4.91.8)

WordPress Plugin WP Social Invitations Cross-Site Scripting (1.4.4.2)

Internet Information Services Other Vulnerability (CVE-2000-0630)

Jenkins Inadequate Encryption Strength Vulnerability (CVE-2017-2598)

Oracle HTTP Server Improper Input Validation Vulnerability (CVE-2020-35169)

Severity

Medium

Classification

CVE-2013-5003 CWE-138

Tags

Missing Update Known Vulnerabilities