CVE-2005-3300

Published: 23/10/2005 Updated: 11/07/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The register_globals emulation layer in grab_globals.php for phpMyAdmin prior to 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote malicious users to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.

Vulnerable Product

phpmyadmin phpmyadmin 2.6.4_pl3

Vendor Advisories

Debian Bug report logs - #335513 CVE-2005-3301: Cross-Site Scripting vulnerability Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debian.org>; Source for phpmyadmin is src:phpmyadmin Reported by: 4:262-3 Date: Mon, 24 Oct 2005 15:18:19 UTC Severity: important Tags: fixed, ...
Debian Bug report logs - #335306 CVE-2005-3300: Local file inclusion vulnerability Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debian.org>; Source for phpmyadmin is src:phpmyadmin Reported by: 4:262-3 Date: Sun, 23 Oct 2005 09:48:08 UTC Severity: grave Tags: fixed, sarg ...