Description

PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.

Remediation

References

CVE-2005-3299

Related Vulnerabilities

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0701)

Drupal Core 8.5.x Cross-Site Scripting (8.5.0 - 8.5.1)

WordPress Plugin Popup-Popup More Popups Directory Traversal (2.2.4)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-22452)

Oracle HTTP Server Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-25236)

Severity

Medium

Classification

CVE-2005-3299

Tags

Missing Update Known Vulnerabilities