Mambo CMS File Inclusion Vulnerability
Data de publicação: 10 fevereiro 2011
Schweregrad: : Baixo
Identificador(es) CVE: : CVE-2005-3738
Data do informe: 10 fevereiro 2011
Descrição
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
Exposição das informações
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1002947
Trend Micro Deep Security DPI Rule Name: 1002947 - Mambo CMS File Inclusion Vulnerability Scan
Software infectado e versão:
- Mambo Mambo Site Server 4.0
- Mambo Mambo Site Server 4.0.10
- Mambo Mambo Site Server 4.0.11
- Mambo Mambo Site Server 4.0.12
- Mambo Mambo Site Server 4.0.12 BETA
- Mambo Mambo Site Server 4.0.12 BETA 2
- Mambo Mambo Site Server 4.0.12 RC1
- Mambo Mambo Site Server 4.0.12 RC2
- Mambo Mambo Site Server 4.0.12 RC3
- Mambo Mambo Site Server 4.0.14