Mambo CMS Suffers From File Inclusion Vulnerability

Mambo CMS Suffers From File Inclusion Vulnerability

Web Services News

Web Hosting News

Web Services News

Web Hosting News

RELATED NEWS

Now, salsa lessons from soccer star Nobby Solano

TV show 'Dallas' set to make a comeback

Dallas To Return To Tv

Former Puerto Rico baseball star relishes work, still going strong at 104 years old

Top Colombian salsa band eyes Bollywood

Colombian Salsa music troupe to perform in Delhi

Shakira Video Songs: Celebrating The Spirit

Supreme Court Justice Sonia Sotomayor returns to old Bronx elementary school

Latin Star Aguabella Dies

Latin jazz percussionist Aguabella, who played with Sinatra and Paul Simon, dies in LA at 84

By Angsuman Chakraborty, Gaea News Network
Thursday, June 29, 2006

Kw3[R]Ln has discovered a vulnerability in the MOD_CBSMS module for Mambo, which can be exploited to compromise a machine serving Mambo CMS.

Input passed to the “mosConfig_absolute_path” parameter in mod_cbsms_messages.php isn’t properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

Successful exploitation requires that “register_globals” is enabled.

The vulnerability has been confirmed in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input passed to “mosConfig_absolute_path” is properly sanitized or simply set “register_globals” to “Off”. via Secunia

Filed under: CMS Software, Headline News, Open Source Software, PHP, Web, Web Hosting, Web Services

Discuss Bellow

YOUR VIEW POINT

NAME :	(REQUIRED)
MAIL :	(REQUIRED) will not be displayed
WEBSITE :	(OPTIONAL)

YOUR COMMENT :
	Submit Notify me of followup comments via e-mail

Older News