1. CVE-Search
  2. CVE-2005-3300
ID CVE-2005-3300
Summary The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.
References
Vulnerable Configurations
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 15169
bugtraq 20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability
confirm http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-5
debian DSA-880
fulldisc 20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability
gentoo GLSA-200510-21
misc http://www.hardened-php.net/advisory_162005.73.html
sectrack 1015091
secunia
  • 17289
  • 17337
  • 17559
  • 17607
suse
  • SUSE-SA:2005:066
  • SUSE-SR:2005:026
  • SUSE-SR:2005:028
xf phpmyadmin-multiple-scripts-file-include(22835)
Last major update 11-07-2017 - 01:33
Published 23-10-2005 - 21:02
Last modified 11-07-2017 - 01:33
Back to Top