CVE-2008-2905

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
mambomambo
4.0.14
mambomambo
4.5
mambomambo
4.5.0.2
mambomambo
4.5.1.3
mambomambo
4.5.1_1.0.9:_1.0
mambomambo
4.5.1_beta:_beta
mambomambo
4.5.1_beta2:_beta2
mambomambo
4.5.1a:a
mambomambo
4.5.2
mambomambo
4.5.2.1
mambomambo
4.5.2.2
mambomambo
4.5.2.3
mambomambo
4.5.3h:h
mambomambo
4.5.4
mambomambo
4.5_1.0.0:_1.0
mambomambo
4.5_1.0.1:_1.0
mambomambo
4.5_1.0.2:_1.0
mambomambo
4.5_1.0.3_beta:_1.0
mambomambo
4.5_1.0.9:_1.0
mambomambo
4.6
mambomambo
4.6.1
mambomambo
4.6.2
mambomambo
4.6.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/30685
http://www.securityfocus.com/bid/29716
http://www.securitytracker.com/id?1020295
https://exchange.xforce.ibmcloud.com/vulnerabilities/43101
https://www.exploit-db.com/exploits/5808
http://secunia.com/advisories/30685
http://www.securityfocus.com/bid/29716
http://www.securitytracker.com/id?1020295
https://exchange.xforce.ibmcloud.com/vulnerabilities/43101
https://www.exploit-db.com/exploits/5808