AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
December 03, 2008, 05:37:36 PM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 4766 Members
Latest Member: beverlys
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: Mambo "mosConfig_absolute_path" Remote File Inclusion Vulnerability 0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Mambo "mosConfig_absolute_path" Remote File Inclusion Vulnerability  (Read 3553 times)
TJ
Tech Team
Hero Member
********
Offline Offline

Posts: 136



View Profile
Mambo "mosConfig_absolute_path" Remote File Inclusion Vulnerability
« on: November 20, 2005, 11:45:53 AM »
Technical Description

A vulnerability has been identified in Mambo, which may be exploited by attackers to execute arbitrary commands. This flaw is due to an error in the "register_globals" emulation layer in "globals.php" that does not perform safety checks on certain values, which may be exploited by remote attackers to include malicious files via the "mosConfig_absolute_path" parameter and execute arbitrary commands with the privileges of the web server.

Affected Products

Mambo version 4.5.2.3 and prior

Solution

No official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2005/2473
http://www.frsirt.com/english/reference/931
Logged
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: Mambo "mosConfig_absolute_path" Remote File Inclusion Vulnerability « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!