Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3299: phpMyAdmin vulnerability

5 documents | 5 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 8.9% (top 7.44%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Oct 23
Latest update: May 1

Description

PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

debian | debian/phpmyadmin | < phpmyadmin 4:2.6.4-pl2-1 (bookworm)
Debian | phpmyadmin/phpmyadmin | < 4:2.6.4-pl2-1 +3
NVD | phpmyadmin/phpmyadmin | 2.6.4, 2.6.4_pl1 +1

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-xq8v-3x6g-9vpm: PHP file inclusion vulnerability in grab_globals | 2022-05-01
OSV | CVE-2005-3299: PHP file inclusion vulnerability in grab_globals | 2005-10-23

💥 Exploits & PoCs (1)

Exploit-DB | phpMyAdmin 2.6.4-pl1 - Directory Traversal | 2005-10-10

📋 Vendor Advisories (1)

Debian | CVE-2005-3299: phpmyadmin - PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and... | 2005