CVE-2005-3738 – Mambo 4.5.2 - Globals Overwrite / Remote Command Execution

https://notcve.org/view.php?id=CVE-2005-3738

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion. globals.php en Mambo Site Server 4.0.14 y anteriores, cuando "register_globals" está desactivado, permite a atacantes remotos sobreescribir variables mediante el 'array' "GLOBALS" y llevar a cabo varios ataques, como se ha demostrado usando el parámetro "mosConfig_absolute_path" de content.html.php para inclusión remota de PHP. • https://www.exploit-db.com/exploits/1337 http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html http://forum.mamboserver.com/showthread.php?t=66154 http://secunia.com/advisories/17622 http://securitytracker.com/id?1015258 http://www.securityfocus.com/archive/1/417215 http://www.securityfocus.com/archive/1/426942/100/0/threaded http://www.securityfocus.com/archive/1/427196/100/0/threaded http://www.securityfocus.com/bid/15461 http://www.vupen.com/english/advi •