CVE-2005-3738

2005-11-22T06:03:00
ID CVE-2005-3738
Type cve
Reporter NVD
Modified 2018-10-19T11:38:59

Description

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.