CVE-2005-3390: CVE-2005-3390

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2005-3390

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

PHP文件上传$GLOBALS变量覆盖漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP在全局变量的保护上存在漏洞，攻击者可以通过发送包含有GLOBALS名称文件上传字段的POST请求覆盖$GLOBALS数组，导致可能远程执行PHP代码。PHP 4.3.11添加了一些代码禁止在打开register_globals时覆盖$GLOBALS数组，但这种保护中存在漏洞。引入的代码仅影响GET、POST和COOKIE变量的全局化，但忽略了PHP中的rfc1867文件上传代码也注册了全局变量。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2005-3390

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2005-3390

Please Login to view more intelligence information

http://www.hardened-php.net/globals-problemx_refsource_MISC
http://www.hardened-php.net/advisory_202005.79.htmlx_refsource_MISC
http://support.avaya.com/elmodocs2/security/ASA-2006-037.htmx_refsource_CONFIRM
http://www.php.net/release_4_4_1.phpx_refsource_CONFIRM
http://securityreason.com/securityalert/132third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/21252third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/18669third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/17559third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/18198third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/17531third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/18054third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/22691third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/17510third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/17557third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/17371third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/15250vdb-entryx_refsource_BID
http://secunia.com/advisories/17490third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1015129vdb-entryx_refsource_SECTRACK
https://www.ubuntu.com/usn/usn-232-1/vendor-advisoryx_refsource_UBUNTU
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522vendor-advisoryx_refsource_HP
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.htmlvendor-advisoryx_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2005-838.htmlvendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2005/2254vdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2005-831.htmlvendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2006/4320vdb-entryx_refsource_VUPEN
http://rhn.redhat.com/errata/RHSA-2006-0549.htmlvendor-advisoryx_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2005:213vendor-advisoryx_refsource_MANDRIVA
http://www.gentoo.org/security/en/glsa/glsa-200511-08.xmlvendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/archive/1/419504/100/0/threadedvendor-advisoryx_refsource_SUSE
http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.htmlvendor-advisoryx_refsource_OPENPKG
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10537vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/archive/1/415290/30/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2005-3390

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2005-3390

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2005-3390

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2005-3390

III. Intelligence Information for CVE-2005-3390

IV. Related Vulnerabilities

V. Comments for CVE-2005-3390

Leave a comment