CVE-2005-3621
Description
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| phpmyadmin/phpmyadmin (Packagist) | < 2.6.4-pl4 | 2.6.4-pl4 |
Affected products
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.7_pl1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2_pl1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_pl1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7_pl1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl3:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2_pl1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3_pl1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"Missing direct-access check in libraries/header_http.inc.php allows CRLF injection when register_globals is enabled."
Attack vector
The vulnerability resides in `libraries/header_http.inc.php`, an include file that emits HTTP headers and does not check whether it was requested directly instead of being included by one of phpMyAdmin's entry scripts. With PHP's `register_globals` enabled, every request parameter is turned into a global variable before the script runs, so a direct request to the include file can supply the variables whose values it writes into headers; a remote attacker can therefore craft a URL that injects CRLF sequences into the HTTP response headers and causes the server to return a split response [ref_id=1]. The attacker-authored second response can spoof content that appears to come from the target server, poison intermediate web caches, or carry cross-site scripting payloads against users who follow the crafted link [ref_id=1]. No authentication is required; the only precondition is that `register_globals` is enabled on the server [ref_id=1].
What the fix does
The advisory states that no solution was available at the time of disclosure [ref_id=1]. The vendor later addressed the issue in phpMyAdmin 2.6.4-pl4, as referenced by the NVD entry [ref_id=2]. The references do not include the diff, so the exact change is not reproduced here; the two remedies the root cause calls for are a direct-access check at the top of `libraries/header_http.inc.php` (refusing to run unless an entry script included it) and rejecting CR and LF in any value that reaches a `header()` call. Two later platform changes reduce exposure independently of the phpMyAdmin fix: PHP 4.4.2 and 5.1.2 made `header()` refuse a value containing a newline, and PHP 5.4 removed `register_globals` altogether. Neither is a reason to keep an unpatched 2.6.x release, since the missing include guard remains whatever the interpreter does with the header.
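The following PHP is an added illustration of the bug class described under "Attack vector" and of the two remedies above; it is not phpMyAdmin's code, and the include file name, the `charset` parameter and the `PMA_ENTRY` constant are assumptions made for the example. It builds the header line as a string instead of calling `header()` so that it runs from the command line and the split can be inspected.

```php
<?php
// Added example for the bug class behind CVE-2005-3621, not phpMyAdmin's code.
// Assumptions: the include is called header.inc.php, the value reaching the
// header is $charset, and the entry-script marker constant is PMA_ENTRY.
declare(strict_types=1);

// Vulnerable shape. The include has no guard against a direct request and
// puts a variable it expects the caller to have set straight into a header.
// With register_globals=On, a direct request such as
//   GET /libraries/header.inc.php?charset=iso-8859-1%0d%0aSet-Cookie:%20a%3Db
// makes PHP create $charset from the query string before this code runs.
function buildContentTypeVulnerable(string $charset): string
{
    // Stands in for: header('Content-Type: text/html; charset=' . $charset);
    return 'Content-Type: text/html; charset=' . $charset . "\r\n";
}

// Remedy 1: refuse to run unless an entry script included this file. The
// entry script does define('PMA_ENTRY', true) before require-ing the include.
function assertIncludedFromEntryScript(): void
{
    if (!defined('PMA_ENTRY')) {
        http_response_code(403);   // no-op under CLI, meaningful under a web SAPI
        exit('Direct access not permitted.');
    }
}

// Remedy 2: validate the value even though it is "internal". A charset label
// only needs a small alphabet, which excludes CR and LF outright. The /D
// modifier stops $ from matching before a trailing newline.
function buildContentTypeSafe(string $charset): string
{
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._:-]{0,39}$/D', $charset)) {
        throw new InvalidArgumentException('unsafe charset value');
    }
    return 'Content-Type: text/html; charset=' . $charset . "\r\n";
}

// A single header line must never contain a blank line: a proxy or browser
// would end the header block there and treat what follows as a new response.
function headerBlockEndsEarly(string $headerLine): bool
{
    return strpos($headerLine, "\r\n\r\n") !== false
        || strpos($headerLine, "\n\n") !== false;
}

if (PHP_SAPI === 'cli') {
    // Constructed payload: terminates the real response with Content-Length: 0
    // and follows it with a second, attacker-authored response.
    $payload = "iso-8859-1\r\nContent-Length: 0\r\n\r\n"
             . "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 25\r\n\r\n"
             . '<script>alert(1)</script>';

    // The vulnerable builder passes the blank line through, so the check fires.
    $raw = buildContentTypeVulnerable($payload);
    var_dump(headerBlockEndsEarly($raw));

    // The hardened builder refuses the same value before it reaches a header.
    try {
        buildContentTypeSafe($payload);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
    // A legitimate label still produces a single, well-formed header line.
    var_dump(headerBlockEndsEarly(buildContentTypeSafe('utf-8')));

    // What the entry script would do before the require; without the define
    // the guard exits instead of returning.
    define('PMA_ENTRY', true);
    assertIncludedFromEntryScript();
}
```

Run it with `php example.php`. In a web deployment the guard is the first statement of the include file and the validation wraps every value that ends up in `header()`. On PHP 4.4.2/5.1.2 and later the interpreter itself refuses a header value containing a newline, so the raw split no longer reaches the wire, but only the guard stops the include from being driven by a direct request in the first place.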
Preconditions
- config: PHP `register_globals` must be enabled on the server
- auth: No authentication required; the attacker either requests the crafted URL directly (cache poisoning) or delivers it to a victim user (content spoofing, XSS)
- network: Attacker must be able to reach the target server with a crafted URL, directly or through a victim's browser
- input: CRLF sequences injected via URL parameters to `header_http.inc.php`
Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.phpmyadmin.net/home_page/security.php (nvd: Patch, Vendor Advisory)
- github.com/advisories/GHSA-wj42-52pv-wfj2 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2005-3621 (ghsa: ADVISORY)
- web.archive.org/web/20060514052317/http://securitytracker.com/alerts/2005/Nov/1015213.html (ghsa: WEB)
- web.archive.org/web/20061015000000*/http://www.novell.com/linux/security/advisories/2005_28_sr.html (ghsa: WEB)
- www.debian.org/security/2006/dsa-1207 (ghsa: WEB)
- www.phpmyadmin.net/home_page/security.php (ghsa: WEB)
- secunia.com/advisories/17578 (nvd)
- secunia.com/advisories/22781 (nvd)
- securitytracker.com/id (nvd)
- www.debian.org/security/2006/dsa-1207 (nvd)
- www.novell.com/linux/security/advisories/2005_28_sr.html (nvd)
News mentions
No linked articles in our index yet.