| Vulnerability Name: | CVE-2005-3300 (CCN-22835) | ||||||||||||
| Assigned: | 2005-10-22 | ||||||||||||
| Published: | 2005-10-22 | ||||||||||||
| Updated: | 2017-07-11 | ||||||||||||
| Summary: | The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme. | ||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: FULLDISC Type: UNKNOWN 20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability Source: CCN Type: Full-Disclosure Mailing List, Sat Oct 22 2005 - 08:33:46 CDT Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability Source: MITRE Type: CNA CVE-2005-3300 Source: BUGTRAQ Type: UNKNOWN 20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability Source: CCN Type: SA17289 phpMyAdmin Local File Inclusion and Cross-Site Scripting Source: SECUNIA Type: UNKNOWN 17289 Source: SECUNIA Type: UNKNOWN 17337 Source: SECUNIA Type: UNKNOWN 17559 Source: SECUNIA Type: UNKNOWN 17607 Source: CCN Type: SECTRACK ID: 1015091 phpMyAdmin `grab_globals.php` Lets Remote Users Include and Execute Local Files Source: SECTRACK Type: UNKNOWN 1015091 Source: DEBIAN Type: UNKNOWN DSA-880 Source: DEBIAN Type: DSA-880 phpmyadmin -- several vulnerabilities Source: CCN Type: GLSA-200510-21 phpMyAdmin: Local file inclusion and XSS vulnerabilities Source: GENTOO Type: UNKNOWN GLSA-200510-21 Source: MISC Type: Patch, Vendor Advisory http://www.hardened-php.net/advisory_162005.73.html Source: SUSE Type: UNKNOWN SUSE-SR:2005:028 Source: SUSE Type: UNKNOWN SUSE-SA:2005:066 Source: CCN Type: OSVDB ID: 20259 phpMyAdmin register_globals Compatibility Layer Local File Inclusion Source: CCN Type: phpMyAdmin Web site phpMyAdmin | MySQL Database Administration Tool | www.phpmyadmin.net Source: CONFIRM Type: Patch, Vendor Advisory http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-5 Source: BID Type: UNKNOWN 15169 Source: CCN Type: BID-15169 phpMyAdmin Theme Variable Local File Inclusion Vulnerability Source: XF Type: UNKNOWN phpmyadmin-multiple-scripts-file-include(22835) Source: XF Type: UNKNOWN phpmyadmin-multiple-scripts-file-include(22835) Source: SUSE Type: SUSE-SA:2005:066 phpMyAdmin remote code execution Source: SUSE Type: SUSE-SR:2005:025 SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2005:026 SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2005:028 SUSE Security Summary Report | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||