{"id":"CVE-2013-4729","details":"import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.","aliases":["GHSA-x962-w72p-mv7q"],"modified":"2026-01-27T04:11:45.799125Z","published":"2013-07-04T14:33:41Z","withdrawn":"2026-01-27T04:11:45.799125Z","related":["openSUSE-SU-2024:10054-1"],"references":[{"type":"ADVISORY","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php"},{"type":"FIX","url":"https://github.com/phpmyadmin/phpmyadmin/commit/012464268420e53a9cd81cbb4a43988d70393c36"}],"schema_version":"1.7.3"}