CVE-2005-3299

phpMyAdmin <2.6.4-2.6.4-pl1 - RCE

Title source: llm

Description

PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.

Exploits (3)

exploitdb WORKING POC VERIFIED

by cXIb8O3 · perlwebappsphp

https://www.exploit-db.com/exploits/1244

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by RizeKishimaro · poc

https://github.com/RizeKishimaro/CVE-2005-3299

View Code ZIP pw:eip

nomisec NO CODE

by Cr0w-ui · poc

https://github.com/Cr0w-ui/-CVE-2005-3299-

View Code ZIP pw:eip

References (5)

[Patch, Vendor Advisory] http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-4

[Patch, Vendor Advisory] http://secunia.com/advisories/17137

[Patch, Vendor Advisory] http://www.gentoo.org/security/en/glsa/glsa-200510-16.xml

[Third Party Advisory] http://securityreason.com/securityalert/69

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15053

Scores

EPSS 0.0886

EPSS Percentile 92.6%

Details

Status published

Products (2)

phpmyadmin/phpmyadmin 2.6.4

phpmyadmin/phpmyadmin 2.6.4_pl1

Published Oct 23, 2005

Tracked Since Feb 18, 2026