CVE-2005-3621 — CRLF Injection in Phpmyadmin

5 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 30.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedNov 16

Latest updateMay 1

Description

CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.6.4-pl4-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin< 2.6.4-pl4

▶Debianphpmyadmin/phpmyadmin< 4:2.6.4-pl4-1+3

▶NVDphpmyadmin/phpmyadmin13 versions+12

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

OSV

phpMyAdmin CRLF Injection Vulnerability↗2022-05-01

▶

GHSA

phpMyAdmin CRLF Injection Vulnerability↗2022-05-01

▶

OSV

CVE-2005-3621: CRLF injection vulnerability in phpMyAdmin before 2↗2005-11-16

▶

📋Vendor Advisories

Debian

CVE-2005-3621: phpmyadmin - CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attack...↗2005

▶