Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-3300
Last Modified: 10 Sep 2008 03:46:37
Published: 23 Oct 2005 05:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-3300

Summary

The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.

Vulnerable Systems

Application

  • phpMyAdmin 2.6.4 Pl3


References

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-5

MISC - http://www.hardened-php.net/advisory_162005.73.html

XF - phpmyadmin-multiple-scripts-file-include(22835)

BID - 15169

SUSE - SUSE-SA:2005:066

SUSE - SUSE-SR:2005:028

GENTOO - GLSA-200510-21

DEBIAN - DSA-880

SECTRACK - 1015091

SECUNIA - 17607

SECUNIA - 17559

SECUNIA - 17337

SECUNIA - 17289

BUGTRAQ - 20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability


Last Updated: 27 May 2016 10:40:52