CVE-2005-3300 — Phpmyadmin vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

1.9%

top 16.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedOct 23

Latest updateMay 1

Description

The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.6.4-pl3-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:2.6.4-pl3-1+3

▶NVDphpmyadmin/phpmyadmin2.6.4_pl3

Patches

Patch: www.hardened-php.net ↗Patch: www.phpmyadmin.net ↗Patch: www.hardened-php.net ↗

🔴Vulnerability Details

GHSA

GHSA-x7xh-qj32-6gv8: The register_globals emulation layer in grab_globals↗2022-05-01

▶

OSV

CVE-2005-3300: The register_globals emulation layer in grab_globals↗2005-10-23

▶

📋Vendor Advisories

Debian

CVE-2005-3300: phpmyadmin - The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2...↗2005

▶