High severityNVD Advisory· Published Apr 26, 2013· Updated Jun 16, 2026
CVE-2013-3239
CVE-2013-3239
Description
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpmyadmin/phpmyadminPackagist | >= 3.5.0, < 3.5.8.1 | 3.5.8.1 |
Affected products
15cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.0.0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.8:rc1:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*
- ghsa-coords2 versions
>= 3.5.0, < 3.5.8.1+ 1 more
- (no CPE)range: >= 3.5.0, < 3.5.8.1
- (no CPE)range: < 4.6.5.2-1.1
Patches
Vulnerability mechanics
References
12- github.com/phpmyadmin/phpmyadmin/commit/1f6bc0b707002e26cab216b9e57b4d5de764de48nvdExploitPatchWEB
- www.phpmyadmin.net/home_page/security/PMASA-2013-3.phpnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-gg36-9346-9qx9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-3239ghsaADVISORY
- lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.htmlnvdWEB
- lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.htmlnvdWEB
- lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.htmlnvdWEB
- lists.opensuse.org/opensuse-updates/2013-06/msg00181.htmlnvdWEB
- github.com/phpmyadmin/phpmyadmin/commit/d3fafdfba0807068196655e9b6d16c5d1d3ccf8anvdWEB
- archives.neohapsis.com/archives/bugtraq/2013-04/0217.htmlnvd
- www.mandriva.com/security/advisoriesnvd
- wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133nvd
News mentions
0No linked articles in our index yet.