cvelistv5 - cve-2005-3621

CVE-2005-3621 (GCVE-0-2005-3621)

Vulnerability from cvelistv5 – Published: 2005-11-16 11:00 – Updated: 2024-08-07 23:17

Summary

CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.

Severity ?

No CVSS data available.

CWE

Assigner

debian

References

URL

Tags

	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/17578	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2006/dsa-1207	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/22781	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1015213	vdb-entryx_refsource_SECTRACK
	http://www.phpmyadmin.net/home_page/security.php?…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:23.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
          },
          {
            "name": "17578",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17578"
          },
          {
            "name": "DSA-1207",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1207"
          },
          {
            "name": "22781",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22781"
          },
          {
            "name": "1015213",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015213"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-24T10:00:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
        },
        {
          "name": "17578",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17578"
        },
        {
          "name": "DSA-1207",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1207"
        },
        {
          "name": "22781",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22781"
        },
        {
          "name": "1015213",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015213"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2005-3621",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:028",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "17578",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17578"
            },
            {
              "name": "DSA-1207",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1207"
            },
            {
              "name": "22781",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22781"
            },
            {
              "name": "1015213",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015213"
            },
            {
              "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6",
              "refsource": "CONFIRM",
              "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2005-3621",
    "datePublished": "2005-11-16T11:00:00",
    "dateReserved": "2005-11-16T00:00:00",
    "dateUpdated": "2024-08-07T23:17:23.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C3663CE-AF25-4A0A-811E-DE58B7E5D934\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.7_pl1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADDE752A-19A1-4910-9C56-0FDFFA367E30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2_pl1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"701F99C8-D803-4D28-AFDA-B3DB5EBD5EEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A47F3385-8681-4A7D-BF64-8F6EA7FBDFE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D2E7577-5F89-4B2C-9C28-A5268B539968\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_pl1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F86B56F-510F-4C6F-A259-6200DC2B05ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F6E3468-78AF-471C-A09E-1ACCC6867256\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7_pl1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99FD7D45-135D-4AE7-83E0-FDFE436DFE4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFB3EBBF-E696-48D1-B3BA-B3C88C050F12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"794AE77E-843C-4CB4-9462-E4FE8C4C2896\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2_pl1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCE1E983-6EA4-4E0F-B7F8-B0070F8A3752\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3_pl1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1600D28-5583-4FA2-835F-BCE10813DB61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6758F7AC-0FCF-4F6C-8F40-DDF1BA998AB9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n de CRLF en phpMyAdmin anteriores a 2.6.4-pl4 permite a atacantes remotos conducir ataques de separaci\\u00f3n de respuesta HTTP mediante scripts no especificados.\\r\\n\"}]",
      "id": "CVE-2005-3621",
      "lastModified": "2024-11-21T00:02:16.360",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2005-11-16T11:02:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/17578\", \"source\": \"security@debian.org\"}, {\"url\": \"http://secunia.com/advisories/22781\", \"source\": \"security@debian.org\"}, {\"url\": \"http://securitytracker.com/id?1015213\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1207\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2005_28_sr.html\", \"source\": \"security@debian.org\"}, {\"url\": \"http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6\", \"source\": \"security@debian.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/17578\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22781\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1015213\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1207\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2005_28_sr.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@debian.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-3621\",\"sourceIdentifier\":\"security@debian.org\",\"published\":\"2005-11-16T11:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n de CRLF en phpMyAdmin anteriores a 2.6.4-pl4 permite a atacantes remotos conducir ataques de separaci\u00f3n de respuesta HTTP mediante scripts no especificados.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C3663CE-AF25-4A0A-811E-DE58B7E5D934\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.7_pl1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADDE752A-19A1-4910-9C56-0FDFFA367E30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2_pl1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"701F99C8-D803-4D28-AFDA-B3DB5EBD5EEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A47F3385-8681-4A7D-BF64-8F6EA7FBDFE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D2E7577-5F89-4B2C-9C28-A5268B539968\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_pl1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F86B56F-510F-4C6F-A259-6200DC2B05ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F6E3468-78AF-471C-A09E-1ACCC6867256\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7_pl1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99FD7D45-135D-4AE7-83E0-FDFE436DFE4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFB3EBBF-E696-48D1-B3BA-B3C88C050F12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"794AE77E-843C-4CB4-9462-E4FE8C4C2896\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2_pl1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE1E983-6EA4-4E0F-B7F8-B0070F8A3752\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3_pl1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1600D28-5583-4FA2-835F-BCE10813DB61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6758F7AC-0FCF-4F6C-8F40-DDF1BA998AB9\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/17578\",\"source\":\"security@debian.org\"},{\"url\":\"http://secunia.com/advisories/22781\",\"source\":\"security@debian.org\"},{\"url\":\"http://securitytracker.com/id?1015213\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1207\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2005_28_sr.html\",\"source\":\"security@debian.org\"},{\"url\":\"http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6\",\"source\":\"security@debian.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/17578\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22781\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015213\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1207\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2005_28_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GSD-2005-3621

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.

Aliases

CVE-2005-3621

Aliases

CVE-2005-3621

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3621",
    "description": "CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.",
    "id": "GSD-2005-3621",
    "references": [
      "https://www.suse.com/security/cve/CVE-2005-3621.html",
      "https://www.debian.org/security/2006/dsa-1207"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3621"
      ],
      "details": "CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.",
      "id": "GSD-2005-3621",
      "modified": "2023-12-13T01:20:12.711700Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@debian.org",
        "ID": "CVE-2005-3621",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SUSE-SR:2005:028",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
          },
          {
            "name": "17578",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/17578"
          },
          {
            "name": "DSA-1207",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1207"
          },
          {
            "name": "22781",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22781"
          },
          {
            "name": "1015213",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015213"
          },
          {
            "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6",
            "refsource": "CONFIRM",
            "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_pl1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.7_pl1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2_pl1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7_pl1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2_pl1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3_pl1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2005-3621"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6"
            },
            {
              "name": "1015213",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015213"
            },
            {
              "name": "SUSE-SR:2005:028",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "17578",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/17578"
            },
            {
              "name": "DSA-1207",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1207"
            },
            {
              "name": "22781",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22781"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2008-09-05T20:54Z",
      "publishedDate": "2005-11-16T11:02Z"
    }
  }
}

FKIE_CVE-2005-3621

Vulnerability from fkie_nvd - Published: 2005-11-16 11:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.

References

URL	Tags
security@debian.org	http://secunia.com/advisories/17578
security@debian.org	http://secunia.com/advisories/22781
security@debian.org	http://securitytracker.com/id?1015213
security@debian.org	http://www.debian.org/security/2006/dsa-1207
security@debian.org	http://www.novell.com/linux/security/advisories/2005_28_sr.html
security@debian.org	http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17578
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22781
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015213
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1207
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2005_28_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
phpmyadmin	phpmyadmin	2.2.0
phpmyadmin	phpmyadmin	2.2.7_pl1
phpmyadmin	phpmyadmin	2.5.2_pl1
phpmyadmin	phpmyadmin	2.5.3
phpmyadmin	phpmyadmin	2.5.4
phpmyadmin	phpmyadmin	2.5.5_pl1
phpmyadmin	phpmyadmin	2.5.6_rc2
phpmyadmin	phpmyadmin	2.5.7_pl1
phpmyadmin	phpmyadmin	2.6.0_pl3
phpmyadmin	phpmyadmin	2.6.1_pl3
phpmyadmin	phpmyadmin	2.6.2_pl1
phpmyadmin	phpmyadmin	2.6.3_pl1
phpmyadmin	phpmyadmin	2.6.4_pl3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C3663CE-AF25-4A0A-811E-DE58B7E5D934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.7_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADDE752A-19A1-4910-9C56-0FDFFA367E30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "701F99C8-D803-4D28-AFDA-B3DB5EBD5EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A47F3385-8681-4A7D-BF64-8F6EA7FBDFE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D2E7577-5F89-4B2C-9C28-A5268B539968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F86B56F-510F-4C6F-A259-6200DC2B05ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F6E3468-78AF-471C-A09E-1ACCC6867256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "99FD7D45-135D-4AE7-83E0-FDFE436DFE4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB3EBBF-E696-48D1-B3BA-B3C88C050F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "794AE77E-843C-4CB4-9462-E4FE8C4C2896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE1E983-6EA4-4E0F-B7F8-B0070F8A3752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3_pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1600D28-5583-4FA2-835F-BCE10813DB61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6758F7AC-0FCF-4F6C-8F40-DDF1BA998AB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n de CRLF en phpMyAdmin anteriores a 2.6.4-pl4 permite a atacantes remotos conducir ataques de separaci\u00f3n de respuesta HTTP mediante scripts no especificados.\r\n"
    }
  ],
  "id": "CVE-2005-3621",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-16T11:02:00.000",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://secunia.com/advisories/17578"
    },
    {
      "source": "security@debian.org",
      "url": "http://secunia.com/advisories/22781"
    },
    {
      "source": "security@debian.org",
      "url": "http://securitytracker.com/id?1015213"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2006/dsa-1207"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WJ42-52PV-WFJ2

Vulnerability from github – Published: 2022-05-01 02:19 – Updated: 2023-09-18 23:46

Summary

phpMyAdmin CRLF Injection Vulnerability

Details

CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "phpmyadmin/phpmyadmin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.4-pl4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2005-3621"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-18T23:46:33Z",
    "nvd_published_at": "2005-11-16T11:02:00Z",
    "severity": "MODERATE"
  },
  "details": "CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.",
  "id": "GHSA-wj42-52pv-wfj2",
  "modified": "2023-09-18T23:46:33Z",
  "published": "2022-05-01T02:19:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3621"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20060514052317/http://securitytracker.com/alerts/2005/Nov/1015213.html"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20061015000000*/http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2006/dsa-1207"
    },
    {
      "type": "WEB",
      "url": "https://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "phpMyAdmin CRLF Injection Vulnerability"
}

VAR-200511-0093

Vulnerability from variot - Updated: 2023-12-18 11:16

CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. phpMyAdmin is prone to an HTTP-response-splitting vulnerability because the application fails to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust. This issue is reported to affect phpMyAdmin version 2.7.0-beta1; other versions may also be vulnerable.

The vulnerability is caused due to an error in the register_globals emulation layer in "grab_globals.php" where the "import_blacklist" variable is not properly protected from being overwritten. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. http://www.phpmyadmin.net/home_page/downloads.php

PROVIDED AND/OR DISCOVERED BY: Reported by vendor. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Debian Security Advisory DSA 1207-2 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 19th, 2006 http://www.debian.org/security/faq

Package : phpmyadmin Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2006-1678 CVE-2006-2418 CVE-2005-3621 CVE-2005-3665 CVE-2006-5116 Debian Bug : 339437 340438 362567 368082 391090

The phpmyadmin update in DSA 1207 introduced a regression. This update corrects this flaw. For completeness, the original advisory text below:

Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web.

CVE-2005-3665

Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST
variable and (2) various scripts in the libraries directory that
handle header generation.

CVE-2006-1678

Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via scripts in the
themes directory.

CVE-2006-5116

A remote attacker could overwrite internal variables through the
_FILES global variable.

For the stable distribution (sarge) these problems have been fixed in version 2.6.2-3sarge3.

For the upcoming stable release (etch) and unstable distribution (sid) these problems have been fixed in version 2.9.0.3-1.

We recommend that you upgrade your phpmyadmin package.

Upgrade Instructions

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge3.dsc
  Size/MD5 checksum:      604 32ee16f4370604bc150d93c5676fface
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge3.diff.gz
  Size/MD5 checksum:    38520 f27c4b99bbdb3dc13fb71aef99749247
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2.orig.tar.gz
  Size/MD5 checksum:  2654418 05e33121984824c43d94450af3edf267

Architecture independent components:

http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge3_all.deb
  Size/MD5 checksum:  2769182 00f14fb52a14546e92ece84c16cd249f

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFYFPdXm3vHE4uyloRAgj5AJ4k0NXBlTZgTK+vJTlgPNTEBfeBGgCg61oX s2aDzIfiBIc0hbLjIGOwEcQ= =EQpq -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .

To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.

The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.

For more information: SA17578 SA17895 SA19556 SA20113 SA22126

SOLUTION: Apply updated packages.

Some input passed to "libraries/header_http.inc.php" isn't properly sanitised before being returned to the user. This can be exploited to include arbitrary HTTP headers in a response sent to the user.

Successful exploitation requires that "register_globals" is enabled.

It is also possible to disclose the full path to certain scripts by accessing them directly. http://www.phpmyadmin.net/home_page/downloads.php

PROVIDED AND/OR DISCOVERED BY: Toni Koivunen

ORIGINAL ADVISORY: Toni Koivunen: http://www.fitsec.com/advisories/FS-05-02.txt

phpMyAdmin: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200511-0093",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "phpmyadmin",
        "version": "2.6.1_pl3"
      },
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "phpmyadmin",
        "version": "2.5.3"
      },
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "phpmyadmin",
        "version": "2.5.2_pl1"
      },
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "phpmyadmin",
        "version": "2.5.6_rc2"
      },
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "phpmyadmin",
        "version": "2.5.4"
      },
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "phpmyadmin",
        "version": "2.2.7_pl1"
      },
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "phpmyadmin",
        "version": "2.6.0_pl3"
      },
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "phpmyadmin",
        "version": "2.2.0"
      },
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "phpmyadmin",
        "version": "2.5.5_pl1"
      },
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "phpmyadmin",
        "version": "2.5.7_pl1"
      },
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phpmyadmin",
        "version": "2.6.2_pl1"
      },
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phpmyadmin",
        "version": "2.6.3_pl1"
      },
      {
        "model": "phpmyadmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "phpmyadmin",
        "version": "2.6.4_pl3"
      },
      {
        "model": "web application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "web application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "6.40"
      },
      {
        "model": "web application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "6.20"
      },
      {
        "model": "web application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "6.10"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.3"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.2"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.1"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": ".0-beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "phpmyadmin",
        "version": "2.7"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "3.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "15422"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-204"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_pl1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.7_pl1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2_pl1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7_pl1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2_pl1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3_pl1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3621"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Toni Koivunen is credited with the discovery of this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "15422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-204"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2005-3621",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-3621",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200511-204",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-204"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. phpMyAdmin is prone to an HTTP-response-splitting vulnerability because the application fails to properly sanitize user-supplied input. \nA remote attacker may exploit this vulnerability to influence or misrepresent web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust. \nThis issue is reported to affect phpMyAdmin version 2.7.0-beta1; other versions may also be vulnerable. \n\nThe vulnerability is caused due to an error in the register_globals\nemulation layer in \"grab_globals.php\" where the \"import_blacklist\"\nvariable is not properly protected from being overwritten. This can be exploited to execute arbitrary HTML\nand script code in a user\u0027s browser session in context of an affected\nsite. \nhttp://www.phpmyadmin.net/home_page/downloads.php\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1207-2                    security@debian.org\nhttp://www.debian.org/security/                         Moritz Muehlenhoff\nNovember 19th, 2006                     http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage        : phpmyadmin\nVulnerability  : several\nProblem-Type   : remote\nDebian-specific: no\nCVE ID         : CVE-2006-1678 CVE-2006-2418 CVE-2005-3621 CVE-2005-3665 CVE-2006-5116\nDebian Bug     : 339437 340438 362567 368082 391090\n\nThe phpmyadmin update in DSA 1207 introduced a regression. This update\ncorrects this flaw. For completeness, the original advisory text below:\n \nSeveral remote vulnerabilities have been discovered in phpMyAdmin, a\nprogram to administrate MySQL over the web. \n\nCVE-2005-3665\n\n    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n    attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST\n    variable and (2) various scripts in the libraries directory that\n    handle header generation. \n\nCVE-2006-1678\n\n    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n    attackers to inject arbitrary web script or HTML via scripts in the\n    themes directory. \n\nCVE-2006-5116\n\n    A remote attacker could overwrite internal variables through the\n    _FILES global variable. \n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.6.2-3sarge3. \n\nFor the upcoming stable release (etch) and unstable distribution (sid)\nthese problems have been fixed in version 2.9.0.3-1. \n\nWe recommend that you upgrade your phpmyadmin package. \n\nUpgrade Instructions\n- --------------------\n\nwget url\n        will fetch the file for you\ndpkg -i file.deb\n        will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n        will update the internal database\napt-get upgrade\n        will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n  Source archives:\n\n    http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge3.dsc\n      Size/MD5 checksum:      604 32ee16f4370604bc150d93c5676fface\n    http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge3.diff.gz\n      Size/MD5 checksum:    38520 f27c4b99bbdb3dc13fb71aef99749247\n    http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2.orig.tar.gz\n      Size/MD5 checksum:  2654418 05e33121984824c43d94450af3edf267\n\n  Architecture independent components:\n\n    http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge3_all.deb\n      Size/MD5 checksum:  2769182 00f14fb52a14546e92ece84c16cd249f\n\n\n  These files will probably be moved into the stable distribution on\n  its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niD8DBQFFYFPdXm3vHE4uyloRAgj5AJ4k0NXBlTZgTK+vJTlgPNTEBfeBGgCg61oX\ns2aDzIfiBIc0hbLjIGOwEcQ=\n=EQpq\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nFor more information:\nSA17578\nSA17895\nSA19556\nSA20113\nSA22126\n\nSOLUTION:\nApply updated packages. \r\n\r\nSome input passed to \"libraries/header_http.inc.php\" isn\u0027t properly\nsanitised before being returned to the user. This can be exploited to\ninclude arbitrary HTTP headers in a response sent to the user. \r\n\r\nSuccessful exploitation requires that \"register_globals\" is enabled. \r\n\r\nIt is also possible to disclose the full path to certain scripts by\naccessing them directly. \r\nhttp://www.phpmyadmin.net/home_page/downloads.php\n\nPROVIDED AND/OR DISCOVERED BY:\nToni Koivunen\n\nORIGINAL ADVISORY:\nToni Koivunen:\r\nhttp://www.fitsec.com/advisories/FS-05-02.txt\r\n\r\nphpMyAdmin:\r\nhttp://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3621"
      },
      {
        "db": "BID",
        "id": "15422"
      },
      {
        "db": "PACKETSTORM",
        "id": "43410"
      },
      {
        "db": "PACKETSTORM",
        "id": "42148"
      },
      {
        "db": "PACKETSTORM",
        "id": "42110"
      },
      {
        "db": "PACKETSTORM",
        "id": "52337"
      },
      {
        "db": "PACKETSTORM",
        "id": "51974"
      },
      {
        "db": "PACKETSTORM",
        "id": "51856"
      },
      {
        "db": "PACKETSTORM",
        "id": "41587"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2005-3621",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "22781",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "17578",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1015213",
        "trust": 1.6
      },
      {
        "db": "SUSE",
        "id": "SUSE-SR:2005:028",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-1207",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-204",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "15422",
        "trust": 0.3
      },
      {
        "db": "SECUNIA",
        "id": "18618",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "43410",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "17925",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "42148",
        "trust": 0.1
      },
      {
        "db": "SECUNIA",
        "id": "17895",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "42110",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "52337",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51974",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51856",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41587",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "15422"
      },
      {
        "db": "PACKETSTORM",
        "id": "43410"
      },
      {
        "db": "PACKETSTORM",
        "id": "42148"
      },
      {
        "db": "PACKETSTORM",
        "id": "42110"
      },
      {
        "db": "PACKETSTORM",
        "id": "52337"
      },
      {
        "db": "PACKETSTORM",
        "id": "51974"
      },
      {
        "db": "PACKETSTORM",
        "id": "51856"
      },
      {
        "db": "PACKETSTORM",
        "id": "41587"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-204"
      }
    ]
  },
  "id": "VAR-200511-0093",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.50441176
  },
  "last_update_date": "2023-12-18T11:16:35.467000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3621"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.phpmyadmin.net/home_page/security.php?issue=pmasa-2005-6"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/17578"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/22781"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/id?1015213"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2006/dsa-1207"
      },
      {
        "trust": 1.6,
        "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.4,
        "url": "http://www.fitsec.com/advisories/fs-05-02.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.owasp.org/index.php/main_page"
      },
      {
        "trust": 0.3,
        "url": "http://www.sap.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/416696"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/416148"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/17578/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/17895/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/product/1720/"
      },
      {
        "trust": 0.3,
        "url": "http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/17925/"
      },
      {
        "trust": 0.2,
        "url": "http://www.phpmyadmin.net/home_page/downloads.php"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/product/1719/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1678"
      },
      {
        "trust": 0.2,
        "url": "http://packages.debian.org/\u003cpkg\u003e"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5116"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2418"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3665"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3621"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge2_all.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge2.diff.gz"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge2.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4258/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4933/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2467/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.suse.com/archive/suse-security-announce/2006-jan/0006.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6221/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/18618/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3473/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hardened-php.net/advisory_252005.110.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/17289/"
      },
      {
        "trust": 0.1,
        "url": "http://sourceforge.net/project/showfiles.php?group_id=23067"
      },
      {
        "trust": 0.1,
        "url": "http://www.phpmyadmin.net/home_page/security.php?issue=pmasa-2005-8"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge3_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge3.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge3.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/22781/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/19556/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/products/48/?r=l"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/530/"
      },
      {
        "trust": 0.1,
        "url": "http://www.us.debian.org/security/2006/dsa-1207"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20113/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5307/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/22126/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "15422"
      },
      {
        "db": "PACKETSTORM",
        "id": "43410"
      },
      {
        "db": "PACKETSTORM",
        "id": "42148"
      },
      {
        "db": "PACKETSTORM",
        "id": "42110"
      },
      {
        "db": "PACKETSTORM",
        "id": "52337"
      },
      {
        "db": "PACKETSTORM",
        "id": "51974"
      },
      {
        "db": "PACKETSTORM",
        "id": "51856"
      },
      {
        "db": "PACKETSTORM",
        "id": "41587"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-204"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "15422"
      },
      {
        "db": "PACKETSTORM",
        "id": "43410"
      },
      {
        "db": "PACKETSTORM",
        "id": "42148"
      },
      {
        "db": "PACKETSTORM",
        "id": "42110"
      },
      {
        "db": "PACKETSTORM",
        "id": "52337"
      },
      {
        "db": "PACKETSTORM",
        "id": "51974"
      },
      {
        "db": "PACKETSTORM",
        "id": "51856"
      },
      {
        "db": "PACKETSTORM",
        "id": "41587"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-204"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-11-09T00:00:00",
        "db": "BID",
        "id": "15422"
      },
      {
        "date": "2006-01-27T06:43:36",
        "db": "PACKETSTORM",
        "id": "43410"
      },
      {
        "date": "2005-12-07T17:36:35",
        "db": "PACKETSTORM",
        "id": "42148"
      },
      {
        "date": "2005-12-07T01:44:11",
        "db": "PACKETSTORM",
        "id": "42110"
      },
      {
        "date": "2006-11-20T16:15:03",
        "db": "PACKETSTORM",
        "id": "52337"
      },
      {
        "date": "2006-11-13T15:36:34",
        "db": "PACKETSTORM",
        "id": "51974"
      },
      {
        "date": "2006-11-10T16:02:24",
        "db": "PACKETSTORM",
        "id": "51856"
      },
      {
        "date": "2005-11-19T21:56:12",
        "db": "PACKETSTORM",
        "id": "41587"
      },
      {
        "date": "2005-11-16T11:02:00",
        "db": "NVD",
        "id": "CVE-2005-3621"
      },
      {
        "date": "2005-11-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200511-204"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-01-12T22:30:00",
        "db": "BID",
        "id": "15422"
      },
      {
        "date": "2008-09-05T20:54:49.227000",
        "db": "NVD",
        "id": "CVE-2005-3621"
      },
      {
        "date": "2005-11-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200511-204"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "51974"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-204"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "phpMyAdmin CRLF Injection vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-204"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-204"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-3621 (GCVE-0-2005-3621)

GSD-2005-3621

FKIE_CVE-2005-3621

GHSA-WJ42-52PV-WFJ2

VAR-200511-0093

Tags

Sightings

Nomenclature