CVE-2005-3738

Published Nov 22, 2005

Last updated a day ago

CVSS info 2.6

Overview

Description: globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 2.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE4760B9-54F5-493C-A11E-B77DA6EC6C97"
          },
          {
            "criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD99A44A-B0C5-4C4F-A2C5-E887A50D524A"
          },
          {
            "criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCB5F323-A895-4392-8801-17A91A3DF23A"
          },
          {
            "criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0ED5902-9239-426B-BAE1-43B0B81D3698"
          },
          {
            "criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.12_beta:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D336F35-29A5-4937-AFD9-A270FBBCAF41"
          },
          {
            "criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.12_beta_2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99ECD749-5ACB-4322-9176-E2818A375507"
          },
          {
            "criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93111FE2-AB73-41D4-96B8-6C6FD1C36708"
          },
          {
            "criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6FA85FE-1057-4BA8-B706-7590290E7BA5"
          },
          {
            "criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4800B71-007D-41C8-8450-EF06D7920E50"
          },
          {
            "criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE093E4B-37EB-4DB9-A6BD-5C22251E6F88"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References