Lucene search
HistoryJun 30, 2008 - 6:24 p.m.
CVE-2008-2905
cve-2008-2905
mambo
php
vulnerability
remote file inclusion
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
High
0.285 Low
EPSS
Percentile
96.9%
PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Affected configurations
Node
mambomamboMatch4.0.14
ORmambomamboMatch4.5
ORmambomamboMatch4.5.0.2
ORmambomamboMatch4.5.1.3
ORmambomamboMatch4.5.1_1.0.9
ORmambomamboMatch4.5.1_beta
ORmambomamboMatch4.5.1_beta2
ORmambomamboMatch4.5.1a
ORmambomamboMatch4.5.2
ORmambomamboMatch4.5.2.1
ORmambomamboMatch4.5.2.2
ORmambomamboMatch4.5.2.3
ORmambomamboMatch4.5.3h
ORmambomamboMatch4.5.4
ORmambomamboMatch4.5_1.0.0
ORmambomamboMatch4.5_1.0.1
ORmambomamboMatch4.5_1.0.2
ORmambomamboMatch4.5_1.0.3_beta
ORmambomamboMatch4.5_1.0.9
ORmambomamboMatch4.6
ORmambomamboMatch4.6.1
ORmambomamboMatch4.6.2
ORmambomamboMatch4.6.4
Related
packetstorm
packetstorm
Mambo 4.6.4 Remote File Inclusion
2012-10-01 00:00:00
Mambo Cache_Lite Class mosConfig_absolute_path Remote File Inclusion
2009-10-30 00:00:00
cvelist
cvelist
CVE-2008-2905
2008-06-30 18:00:00
prion
prion
Remote file inclusion
2008-06-30 18:24:00
nvd
nvd
CVE-2008-2905
2008-06-30 18:24:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
High
0.285 Low
EPSS
Percentile
96.9%
Related for CVE-2008-2905