Vulnerability Name:

CVE-2005-3738 (CCN-23146)

Assigned:2005-11-16
Published:2005-11-16
Updated:2018-10-19
Summary:globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Wed Nov 16 2005 - 09:44:28 CST
mambo remote code sexecution

Source: FULLDISC
Type: Exploit, Vendor Advisory
20051116 mambo remote code sexecution

Source: MITRE
Type: CNA
CVE-2005-3738

Source: CONFIRM
Type: UNKNOWN
http://forum.mamboserver.com/showthread.php?t=66154

Source: CCN
Type: SA17622
Mambo "register_globals" Emulation Layer Overwrite Vulnerability

Source: SECUNIA
Type: UNKNOWN
17622

Source: CCN
Type: SECTRACK ID: 1015258
Mambo Server `content.html.php` Include File Bug Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015258

Source: CCN
Type: ASA-2007-018
HP-UX Apache Remote Execution of Arbitrary Code Denial of Service (DoS) and Unauthorized Access (HPSBUX02186)

Source: CCN
Type: MamboServer.com
MamboServer

Source: CCN
Type: OSVDB ID: 20915
Mambo register_globals Emulation Layer Overwrite File Inclusion

Source: BUGTRAQ
Type: Exploit
20051118 Mambo 0day Exploit out in the wild - mambo/skype hacked

Source: BUGTRAQ
Type: UNKNOWN
20060307 PHP-based CMS mass-exploitation

Source: BUGTRAQ
Type: UNKNOWN
20060308 RE: [Full-disclosure] PHP-based CMS mass-exploitation

Source: BID
Type: UNKNOWN
15461

Source: CCN
Type: BID-15461
Mambo Open Source Remote File Include Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-2473

Source: XF
Type: UNKNOWN
mambo-globals-file-include(23146)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mambo:mambo_site_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:mambo:mambo_site_server:4.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mambo:mambo_site_server:4.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:mambo:mambo_site_server:4.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:mambo:mambo_site_server:4.0.12_beta:*:*:*:*:*:*:*
  • OR cpe:/a:mambo:mambo_site_server:4.0.12_beta_2:*:*:*:*:*:*:*
  • OR cpe:/a:mambo:mambo_site_server:4.0.12_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:mambo:mambo_site_server:4.0.12_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:mambo:mambo_site_server:4.0.12_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:mambo:mambo_site_server:4.0.14:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mambo:mambo:4.5.2.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    mambo mambo site server 4.0
    mambo mambo site server 4.0.10
    mambo mambo site server 4.0.11
    mambo mambo site server 4.0.12
    mambo mambo site server 4.0.12_beta
    mambo mambo site server 4.0.12_beta_2
    mambo mambo site server 4.0.12_rc1
    mambo mambo site server 4.0.12_rc2
    mambo mambo site server 4.0.12_rc3
    mambo mambo site server 4.0.14
    mambo mambo 4.5.2.3