Description

PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.

Remediation

References

CVE-2005-3299

Related Vulnerabilities

WordPress Plugin wp-football Multiple Cross-Site Scripting Vulnerabilities (1.1)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2571)

Jenkins Insufficient Verification of Data Authenticity Vulnerability (CVE-2015-7539)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3732)

WordPress Plugin WebLibrarian Cross-Site Scripting (3.4.8.6)

Severity

Medium

Classification

CVE-2005-3299

Tags

Missing Update Known Vulnerabilities