Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.6
CVE Id CVE-2005-3738
Last Modified 07 Mar 2011 09:27:03
Published 22 Nov 2005 06:03:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-3738

Summary

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.

Vulnerable Systems

Application

  • Mambo Site Server 4.0

  • Mambo Site Server 4.0.10

  • Mambo Site Server 4.0.11

  • Mambo Site Server 4.0.12

  • Mambo Site Server 4.0.12 Beta

  • Mambo Site Server 4.0.12 Beta 2

  • Mambo Site Server 4.0.12 Rc1

  • Mambo Site Server 4.0.12 Rc2

  • Mambo Site Server 4.0.12 Rc3

  • Mambo Site Server 4.0.14


References

VUPEN - ADV-2005-2473

BID - 15461

BUGTRAQ - 20051118 Mambo 0day Exploit out in the wild - mambo/skype hacked

FULLDISC - 20051116 mambo remote code sexecution

BUGTRAQ - 20060308 RE: [Full-disclosure] PHP-based CMS mass-exploitation

BUGTRAQ - 20060307 PHP-based CMS mass-exploitation

SECTRACK - 1015258

SECUNIA - 17622

CONFIRM - http://forum.mamboserver.com/showthread.php?t=66154


Last Updated: 27 May 2016 10:41:02