Candidate: CVE-2013-3239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3239
http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir
directory is configured, allows remote authenticated users to execute
arbitrary code by using a double extension in the filename of an export
file, leading to interpretation of this file as an executable file by the
Apache HTTP Server, as demonstrated by a .php.sql filename.
jdstrand> per Debian, Requires non-default option saveDir to be enabled, an
authenticated untrusted user and Apache mod_mime
upstream_phpmyadmin: released (4:3.4.11.1-2)
hardy_phpmyadmin: ignored (reached end-of-life)
lucid_phpmyadmin: ignored (reached end-of-life)
oneiric_phpmyadmin: ignored (reached end-of-life)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needed)
quantal_phpmyadmin: ignored (reached end-of-life)
raring_phpmyadmin: not-affected
saucy_phpmyadmin: not-affected (4:3.5.8.1-1)
trusty_phpmyadmin: not-affected (4:3.5.8.1-1)
utopic_phpmyadmin: not-affected (4:3.5.8.1-1)
vivid_phpmyadmin: not-affected (4:3.5.8.1-1)
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
wily_phpmyadmin: not-affected (4:3.5.8.1-1)
xenial_phpmyadmin: not-affected (4:3.5.8.1-1)
yakkety_phpmyadmin: not-affected (4:3.5.8.1-1)
zesty_phpmyadmin: not-affected (4:3.5.8.1-1)
devel_phpmyadmin: not-affected (4:3.5.8.1-1)