Moderate severityNVD Advisory· Published Jul 4, 2013· Updated Jun 16, 2026
CVE-2013-4729
CVE-2013-4729
Description
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpmyadmin/phpmyadminPackagist | >= 4.0, < 4.0.4.1 | 4.0.4.1 |
Affected products
9cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*
- ghsa-coords2 versions
>= 4.0, < 4.0.4.1+ 1 more
- (no CPE)range: >= 4.0, < 4.0.4.1
- (no CPE)range: < 4.6.5.2-1.1
Patches
Vulnerability mechanics
References
4- github.com/phpmyadmin/phpmyadmin/commit/012464268420e53a9cd81cbb4a43988d70393c36nvdExploitPatchWEB
- www.phpmyadmin.net/home_page/security/PMASA-2013-7.phpnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-x962-w72p-mv7qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-4729ghsaADVISORY
News mentions
0No linked articles in our index yet.