globals.php in Mambo Site Server 4.0.14 and previous versions, when register_globals is disabled, allows remote malicious users to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mambo mambo site server 4.0.12_rc1 |
||
mambo mambo site server 4.0.12_rc2 |
||
mambo mambo site server 4.0.11 |
||
mambo mambo site server 4.0.12 |
||
mambo mambo site server 4.0 |
||
mambo mambo site server 4.0.10 |
||
mambo mambo site server 4.0.12_rc3 |
||
mambo mambo site server 4.0.14 |
||
mambo mambo site server 4.0.12_beta |
||
mambo mambo site server 4.0.12_beta_2 |