Description

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.

Remediation

References

CVE-2013-4729

Related Vulnerabilities

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Unspecified Vulnerability (2.6.21)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25702)

SeoPanel Cross-site Scripting (XSS) Vulnerability (CVE-2020-35930)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-4043)

WordPress Plugin WP Symposium Pro Social Network Cross-Site Scripting (16.01)

Severity

Medium

Classification

CVE-2013-4729 CWE-264

Tags

Missing Update Known Vulnerabilities