CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-3738

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.075

EPSS Ranking 91.3%

CVSS Severity

CVSS v2 Score 2.6

References

Products affected by CVE-2005-3738

Mambo » Mambo Site Server » Version: 4.0

cpe:2.3:a:mambo:mambo_site_server:4.0
Mambo » Mambo Site Server » Version: 4.0.10

cpe:2.3:a:mambo:mambo_site_server:4.0.10
Mambo » Mambo Site Server » Version: 4.0.11

cpe:2.3:a:mambo:mambo_site_server:4.0.11
Mambo » Mambo Site Server » Version: 4.0.12

cpe:2.3:a:mambo:mambo_site_server:4.0.12
Mambo » Mambo Site Server » Version: 4.0.12_beta

cpe:2.3:a:mambo:mambo_site_server:4.0.12_beta
Mambo » Mambo Site Server » Version: 4.0.12_beta_2

cpe:2.3:a:mambo:mambo_site_server:4.0.12_beta_2
Mambo » Mambo Site Server » Version: 4.0.12_rc1

cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc1
Mambo » Mambo Site Server » Version: 4.0.12_rc2

cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc2
Mambo » Mambo Site Server » Version: 4.0.12_rc3

cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc3
Mambo » Mambo Site Server » Version: 4.0.14

cpe:2.3:a:mambo:mambo_site_server:4.0.14

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-3738

Products

Pricing

Contact Us