CVE-2005-3738

Name of the Vulnerable Software and Affected Versions Mambo Site Server versions 4.0.14 and earlier

Description The issue allows remote attackers to overwrite variables in the GLOBALS array, which can lead to various attacks. This is demonstrated by using the mosConfig absolute path parameter to content.html.php for remote PHP file inclusion.

Recommendations For Mambo Site Server versions 4.0.14 and earlier, consider disabling the register globals setting to prevent variable overwriting in the GLOBALS array. As a temporary workaround, restrict access to the content.html.php file and avoid using the mosConfig absolute path parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.