Unrated severityNVD Advisory· Published Nov 22, 2005· Updated Apr 16, 2026
CVE-2005-3738
CVE-2005-3738
Description
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
Affected products
10cpe:2.3:a:mambo:mambo_site_server:4.0.14:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:mambo:mambo_site_server:4.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo_site_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo_site_server:4.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo_site_server:4.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo_site_server:4.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo_site_server:4.0.12_beta:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo_site_server:4.0.12_beta_2:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.htmlnvdExploitVendor Advisory
- www.securityfocus.com/archive/1/417215nvdExploit
- forum.mamboserver.com/showthread.phpnvd
- secunia.com/advisories/17622nvd
- securitytracker.com/idnvd
- www.securityfocus.com/archive/1/426942/100/0/threadednvd
- www.securityfocus.com/archive/1/427196/100/0/threadednvd
- www.securityfocus.com/bid/15461nvd
- www.vupen.com/english/advisories/2005/2473nvd
News mentions
0No linked articles in our index yet.