Published: 22/11/2005 Updated: 19/10/2018

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 265

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

globals.php in Mambo Site Server 4.0.14 and previous versions, when register_globals is disabled, allows remote malicious users to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mambo mambo site server 4.0.12_rc1
mambo mambo site server 4.0.12_rc2
mambo mambo site server 4.0.11
mambo mambo site server 4.0.12
mambo mambo site server 4.0
mambo mambo site server 4.0.10
mambo mambo site server 4.0.12_rc3
mambo mambo site server 4.0.14
mambo mambo site server 4.0.12_beta
mambo mambo site server 4.0.12_beta_2

<?php # # # ---mambo452_xplphp 1519 17/11/2005 # # # # Mambo <= 452 Globals overwrite / remote commands execution # # ...

NVD-CWE-Other http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html http://www.securityfocus.com/archive/1/417215 http://www.securityfocus.com/bid/15461 http://forum.mamboserver.com/showthread.php?t=66154 http://securitytracker.com/id?1015258 http://secunia.com/advisories/17622 http://www.vupen.com/english/advisories/2005/2473 http://www.securityfocus.com/archive/1/427196/100/0/threaded http://www.securityfocus.com/archive/1/426942/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/1337/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-3738

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect