CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
87.5%
Announcement-ID: PMASA-2005-4
Date: 2005-10-11
Local file inclusion vulnerability
In libraries/grab_globals.lib.php
, the $$__redirect
parameter was not correctly validated, opening the door to a local file inclusion attack.
We consider this vulnerability to be serious. However, it can be exploited only on systems not running in PHP safe mode (unless a deliberate hole was opened by including in open_basedir some paths containing sensitive data).
phpMyAdmin versions 2.6.4 and 2.6.4-pl1.
Upgrade to phpMyAdmin 2.6.4-pl2 or newer.
Assigned CVE ids: CVE-2005-3299
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.