Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2005-3300

EPSS 1.89% · P83
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2005-3300

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
phpMyAdmin register_globals emulation 层 本地文件包含漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。 phpMyAdmin 2.6.4-pl3 及以前版本 grab_globals.php 文件中的register_globals emulation 层不能完成对上传文件中_FILES数组值的检测,这允许攻击者利用不使用grab_globals.php的直接请求包含任意的本地文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2005-3300

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2005-3300

登录查看更多情报信息。

Same Patch Batch · n/a · 2005-10-23 · 24 CVEs total

CVE-2005-3288Mailsite Express 附加文件 上传漏洞
CVE-2005-3299phpMyAdmin本地文件包含漏洞
CVE-2005-3298OpenWBEM多个未明远程缓冲区溢出漏洞
CVE-2005-3297OpenWBEM多个未明远程缓冲区溢出漏洞
CVE-2005-3296HP-UX FTP服务器目录列表漏洞
CVE-2005-3295HP-UX Itanium本地拒绝服务漏洞
CVE-2005-3294TYPSoft FTP Server RETR拒绝服务漏洞
CVE-2005-3293Xerver 多个输入验证漏洞
CVE-2005-3292Xeobook多个HTML注入漏洞
CVE-2005-3291SPE 不安全文件许可漏洞
CVE-2005-3290Accelerated Mortgage Manager密码字段SQL注入漏洞
CVE-2005-3289IBM AIX LSCFG不安全临时文件创建漏洞
CVE-2005-2972AbiWord畸形标识符处理栈溢出漏洞
CVE-2005-3287Mailsite Express 不完整黑名单漏洞
CVE-2005-3286Kerio 个人防火墙和服务器防火墙 PEB lockout 拒绝服务漏洞
CVE-2005-3285Comersus BackOffice Plus 多个跨站脚本攻击漏洞
CVE-2005-3284Ahnlab V3杀毒软件文档格式处理远程溢出漏洞
CVE-2005-3283TikiWiki未明跨站脚本攻击漏洞
CVE-2005-3282Splatt Forums 远程认证绕过漏洞
CVE-2005-3281PHP-Nuke NukeFixes 目录遍历漏洞

Showing top 20 of 24 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2005-3300

No comments yet

Leave a comment