← Back

CVE-2005-3738

nvd nist
Published: Nov 22, 2005Modified: Apr 16, 2026

JSON object

Loading...
2.6
Vector
AV:N/AC:H/Au:N/C:N/I:P/A:N
Exploitability: 4.9 / Impact: 2.9
Source: NVD

Description

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.

Affected (10)

Mambo
1 product
Mambo Site Server
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Mambo
Mambo Site Server
Version 4.0.10
Mambo Site Server
Version 4.0.11
Mambo Site Server
Version 4.0.12
Mambo Site Server
Version 4.0.12_beta
Mambo Site Server
Version 4.0.12_beta_2
Mambo Site Server
Version 4.0.12_rc1
Mambo Site Server
Version 4.0.12_rc2
Mambo Site Server
Version 4.0.12_rc3
Mambo Site Server
Version 4.0.14
Mambo Site Server
Version 4.0

References (18)

Source: cve@mitre.org
ExploitVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.