CVE-2005-3738

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mambo:mambo_site_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:mambo:mambo_site_server:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mambo:mambo_site_server:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mambo:mambo_site_server:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mambo:mambo_site_server:4.0.12_beta:*:*:*:*:*:*:*
cpe:2.3:a:mambo:mambo_site_server:4.0.12_beta_2:*:*:*:*:*:*:*
cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc1:*:*:*:*:*:*:*
cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc2:*:*:*:*:*:*:*
cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc3:*:*:*:*:*:*:*
cpe:2.3:a:mambo:mambo_site_server:4.0.14:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-11-22 11:03

Updated : 2024-02-28 10:42


NVD link : CVE-2005-3738

Mitre link : CVE-2005-3738

CVE.ORG link : CVE-2005-3738


JSON object : View

Products Affected

mambo

  • mambo_site_server