Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2008-2905

Published: 30/06/2008 Updated: 29/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 695
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Mambo

Vulnerability Summary

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Vulnerable Product Search on Vulmon Subscribe to Product

mambo mambo 4.5.1.3

mambo mambo 4.5.1_1.0.9

mambo mambo 4.5.3h

mambo mambo 4.5.4

mambo mambo 4.6.1

mambo mambo 4.6.2

mambo mambo 4.0.14

mambo mambo 4.5.1a

mambo mambo 4.5.2

mambo mambo 4.5.2.1

mambo mambo 4.5_1.0.2

mambo mambo 4.5_1.0.3_beta

mambo mambo 4.5.1_beta

mambo mambo 4.5.1_beta2

mambo mambo 4.5_1.0.0

mambo mambo 4.5_1.0.1

mambo mambo 4.6.4

mambo mambo 4.5

mambo mambo 4.5.0.2

mambo mambo 4.5.2.2

mambo mambo 4.5.2.3

mambo mambo 4.5_1.0.9

mambo mambo 4.6

Exploits

Exploit DB: Mambo 4.6.4 Remote File Inclusion
Mambo versions 464 and below suffer from a remote file inclusion vulnerability ...
Exploit DB: Mambo 4.6.4 - Cache Lite Output Remote File Inclusion (Metasploit)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/projects/Framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote include Msf::Expl ...
Exploit DB: Mambo - Cache_Lite Class MosConfig_absolute_path Remote File Inclusion (Metasploit)
## # $Id: mambo_cache_literb 11127 2010-11-24 19:35:38Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' clas ...
Exploit DB: Mambo 4.6.4 - 'Output.php' Remote File Inclusion
----------------------------------------------------------------------------- | vuln: Mambo <= 464 Remote File Inclusion Vulnerability | | download: mambo-foundationorg/ | | | | author: irk4z@yahoopl ...

References

CWE-94http://www.securityfocus.com/bid/29716http://secunia.com/advisories/30685http://www.securitytracker.com/id?1020295https://exchange.xforce.ibmcloud.com/vulnerabilities/43101https://www.exploit-db.com/exploits/5808https://nvd.nist.govhttps://packetstormsecurity.com/files/117023/Mambo-4.6.4-Remote-File-Inclusion.htmlhttps://www.exploit-db.com/exploits/9906/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook