Vulnerability Description
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Opensuse | 12.2 |
| Phpmyadmin | Phpmyadmin | 3.5.0.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00013.html
- http://secunia.com/advisories/54488Vendor Advisory
- http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.phpVendor Advisory
- https://github.com/phpmyadmin/phpmyadmin/commit/240b8332db53dedc27baeec5306dabadExploitPatch
- https://github.com/phpmyadmin/phpmyadmin/commit/24d0eb55203b029f250c77d63f2900ffExploitPatch
- https://github.com/phpmyadmin/phpmyadmin/commit/66fe475d4f51b1761719cb0cab360748Patch
- https://github.com/phpmyadmin/phpmyadmin/commit/da4042fb6c4365dc8187765c3bf52504ExploitPatch
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00013.html
- http://secunia.com/advisories/54488Vendor Advisory
- http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.phpVendor Advisory
- https://github.com/phpmyadmin/phpmyadmin/commit/240b8332db53dedc27baeec5306dabadExploitPatch
- https://github.com/phpmyadmin/phpmyadmin/commit/24d0eb55203b029f250c77d63f2900ffExploitPatch
- https://github.com/phpmyadmin/phpmyadmin/commit/66fe475d4f51b1761719cb0cab360748Patch
- https://github.com/phpmyadmin/phpmyadmin/commit/da4042fb6c4365dc8187765c3bf52504ExploitPatch
FAQ
What is CVE-2013-5029?
CVE-2013-5029 is a vulnerability with a CVSS score of 4.3 (MEDIUM). phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
How severe is CVE-2013-5029?
CVE-2013-5029 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5029?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Phpmyadmin Phpmyadmin.