Vulnerability CVE-2005-3738


Published: 2005-11-22   Modified: 2012-02-12

Description:
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.

Type: CWE-Other

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVSS Base Score: 2.6/10
Impact Subscore: 2.9/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None
Affected software
Mambo -> Mambo site server 

References:
http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html
http://forum.mamboserver.com/showthread.php?t=66154
http://securitytracker.com/id?1015258
http://www.securityfocus.com/archive/1/417215
http://www.securityfocus.com/archive/1/426942/100/0/threaded
http://www.securityfocus.com/archive/1/427196/100/0/threaded
http://www.securityfocus.com/bid/15461
http://www.vupen.com/english/advisories/2005/2473

Copyright 2021, cxsecurity.com

 
