Back to search
CVE-2005-3300
Published: Oct 23, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SUSE-SR:2005:028
vendor-advisory
x_refsource_SUSE
SUSE-SA:2005:066
vendor-advisory
x_refsource_SUSE
17607
third-party-advisory
x_refsource_SECUNIA
20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability
mailing-list
x_refsource_FULLDISC
17559
third-party-advisory
x_refsource_SECUNIA
http://www.hardened-php.net/advisory_162005.73.html
x_refsource_MISC
20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability
mailing-list
x_refsource_BUGTRAQ
phpmyadmin-multiple-scripts-file-include(22835)
vdb-entry
x_refsource_XF
DSA-880
vendor-advisory
x_refsource_DEBIAN
17337
third-party-advisory
x_refsource_SECUNIA
15169
vdb-entry
x_refsource_BID
GLSA-200510-21
vendor-advisory
x_refsource_GENTOO
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-5
x_refsource_CONFIRM
17289
third-party-advisory
x_refsource_SECUNIA
1015091
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now