|
|
CVE Reference: CVE-2005-3300 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-3300 |
|
|
Description: The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/22835 SUSE http://www.novell.com/linux/security/advisories/2005_66_phpmyadmin.html http://www.novell.com/linux/security/advisories/2005_28_sr.html ST 1015091 SAID Secunia Advisory: SA17607 Secunia Advisory: SA17559 Secunia Advisory: SA17337 Secunia Advisory: SA17289 MISC http://www.hardened-php.net/advisory_162005.73.html GENTOO http://www.gentoo.org/security/en/glsa/glsa-200510-21.xml FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0478. DEBIAN http://www.debian.org/security/2005/dsa-880 CONFIRM http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-5 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=113017591414699&w=2 BID 15169 |
|
| Return to the previous page. |
