CVE-2013-3241
Description
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
export.php in phpMyAdmin 4.x before 4.0.0-rc3 allows authenticated users to inject values into global variables via a crafted POST request.
Vulnerability
The export.php script in phpMyAdmin versions 4.x prior to 4.0.0-rc3 overwrites global variables based on the contents of the $_POST superglobal array. This vulnerability allows remote authenticated users to inject arbitrary values into global variables by sending a crafted POST request. Authentication is required, as the usual token protection prevents unauthenticated access to the required form [1].
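The bug class described above, as an added example that is not phpMyAdmin's code: copying every POST key into global scope next to an allowlisted import that returns validated values. All variable, function and option names here are hypothetical, and the request array is constructed.

```php
<?php
// Added illustration; not phpMyAdmin code. All names are hypothetical.

// State the script set up before it looks at the request.
$settings = ['output_dir' => '/var/exports'];

// Constructed stand-in for $_POST.
$post = [
    'format'      => 'sql',
    'compression' => 'gzip',
    'settings'    => ['output_dir' => '/somewhere/else'], // not an export option
];

// Before: every POST key becomes a global, so request data can replace
// variables the script already relies on.
function import_all(array $post): void
{
    foreach ($post as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// After: only allowlisted names are read, each checked against known values,
// and the result is returned instead of written into global scope.
const ALLOWED = [
    'format'      => ['sql', 'csv', 'xml'],
    'compression' => ['none', 'zip', 'gzip'],
];

function import_allowlisted(array $post): array
{
    $clean = [];
    foreach (ALLOWED as $name => $values) {
        $value = $post[$name] ?? null;
        if (is_string($value) && in_array($value, $values, true)) {
            $clean[$name] = $value;
        }
    }
    return $clean;
}

$options = import_allowlisted($post);   // unknown keys are dropped
echo json_encode($options), "\n";
echo $settings['output_dir'], "\n";     // script state before the blanket import

import_all($post);                      // the pattern the CVE describes
echo $settings['output_dir'], "\n";     // script state after the blanket import
```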
Exploitation
An attacker with valid credentials can craft a POST request to export.php containing parameters that overwrite global variables. The attacker needs network access to the phpMyAdmin instance and must be logged in. The official advisory states that this can only be triggered by someone who is logged in to phpMyAdmin [1].
Impact
Successful exploitation allows the attacker to inject values into global variables used by the export script. This could potentially enable further exploits within the same script, leading to serious security consequences such as arbitrary code execution or information disclosure. The advisory rates this vulnerability as serious [1].
Mitigation
Upgrade to phpMyAdmin version 4.0.0-rc3 or later, which fixes the global variable overwrite issue. No workaround is currently available for earlier versions. The fix is included in the 4.0.0-rc3 release [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*
- (no CPE) range: <4.0.0-rc3