Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown

CVE-2005-3299

Disclosure Date: October 23, 2005
Exploited in the Wild

Description

PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.

Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

nmap --script exploit 164.100.94.186
Disclosure date: 2005-10-nil
| Extra information:
| ../../../../../etc/passwd :
| <html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: 16035532474987810818<br><br><a href='javascript:history.back();'>[Go Back]</a></body></html>
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_ http://www.exploit-db.com/exploits/1244/

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Vendors

  • phpmyadmin

Products

  • phpmyadmin 2.6.4
  • phpmyadmin 2.6.4 pl1
