Unrated severityNVD Advisory· Published Apr 26, 2013· Updated Jun 16, 2026
CVE-2013-3238
CVE-2013-3238
Description
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
15cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.0.0:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.8:rc1:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*
- (no CPE)range: 3.5.x before 3.5.8, 4.x before 4.0.0-rc3
Patches
Vulnerability mechanics
References
11- archives.neohapsis.com/archives/bugtraq/2013-04/0217.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.htmlnvd
- lists.opensuse.org/opensuse-updates/2013-06/msg00181.htmlnvd
- www.exploit-db.com/exploits/25136nvd
- www.mandriva.com/security/advisoriesnvd
- www.phpmyadmin.net/home_page/security/PMASA-2013-2.phpnvd
- github.com/phpmyadmin/phpmyadmin/commit/dedd542cdaf1606ca9aa3f6f8f8adb078d8ad549nvd
- github.com/phpmyadmin/phpmyadmin/commit/ffa720d90a79c1f33cf4c5a33403d09a67b42a66nvd
- wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133nvd
News mentions
0No linked articles in our index yet.