Search for vulnerabilities
Vulnerability details: VCID-bjkg-91qs-skcx
Vulnerability ID VCID-bjkg-91qs-skcx
Aliases CVE-2013-4729
GHSA-x962-w72p-mv7q
Summary phpMyAdmin Global variables scope injection vulnerability import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-621 Variable Extraction Error
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
epss 0.00367 https://api.first.org/data/v1/epss?cve=CVE-2013-4729
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-x962-w72p-mv7q
cvssv3.1 5.4 https://github.com/phpmyadmin/phpmyadmin
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin
cvssv3.1 5.4 https://github.com/phpmyadmin/phpmyadmin/commit/012464268420e53a9cd81cbb4a43988d70393c36
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/012464268420e53a9cd81cbb4a43988d70393c36
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2013-4729
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-4729
cvssv3.1 5.4 http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php
generic_textual MODERATE http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2013-4729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4729
https://github.com/phpmyadmin/phpmyadmin
https://github.com/phpmyadmin/phpmyadmin/commit/012464268420e53a9cd81cbb4a43988d70393c36
https://nvd.nist.gov/vuln/detail/CVE-2013-4729
http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php
GHSA-x962-w72p-mv7q https://github.com/advisories/GHSA-x962-w72p-mv7q
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/phpmyadmin/phpmyadmin
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/phpmyadmin/phpmyadmin/commit/012464268420e53a9cd81cbb4a43988d70393c36
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2013-4729
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.57896
EPSS Score 0.00367
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:12:05.513942+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x962-w72p-mv7q/GHSA-x962-w72p-mv7q.json 37.0.0