Mambo a6MamboCredits Component File Inclusion Vulnerability

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

smart
Joomla! Enthusiast
Posts: 109
Joined: Thu Aug 18, 2005 1:33 pm
Location: Sebastopol

Mambo a6MamboCredits Component File Inclusion Vulnerability

Post by smart » Fri Aug 18, 2006 10:45 am

Secunia Advisory: SA21540
Release Date: 2006-08-18

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: a6MamboCredits 1.x (component for Mambo)
a6MamboCredits 2.x (component for Mambo)


Description:
Charles Nelwan has discovered a vulnerability in the a6MamboCredits component for Mambo, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in administrator/components/com_a6mambocredits/admin.a6mambocredits.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 2.0.0 and has also been reported in version 1.0.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

Read more: http://secunia.com/advisories/21540/
Joomlaportal.ru News, articles and tutorials
Joomlaforum.ru Russian Joomla Support Forum
Member of the Russian Joomla Translation Team
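
An added example, not part of the original posts or the advisory: a Python audit helper for the "edit the source code" fix above, which reports `include`/`require` statements built from `$mosConfig_absolute_path` that run before a direct-access guard. It assumes Mambo's `defined('_VALID_MOS') or die(...)` convention as that guard; the PHP samples and the `com_example` path are constructed.

```python
import re

# Strings are matched first so "//" or "#" inside a string is not taken for a comment.
TOKEN_RE = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.S)
# include/require statement whose path expression uses $mosConfig_absolute_path.
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\b[^;]*\$mosConfig_absolute_path", re.I)
# Assumed guard: Mambo's convention, defined('_VALID_MOS') or die(...).
GUARD_RE = re.compile(
    r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b", re.I)


def strip_comments(source):
    """Blank out PHP comments, keeping newlines so line numbers stay valid."""
    def blank(match):
        token = match.group()
        if token[0] in "'\"":
            return token  # string literal: keep as is
        return re.sub(r"[^\n]", " ", token)
    return TOKEN_RE.sub(blank, source)


def audit_php(source):
    """Return line numbers of includes that use $mosConfig_absolute_path and are
    reached before any _VALID_MOS guard (all such includes if there is none)."""
    code = strip_comments(source)
    guard = GUARD_RE.search(code)
    guard_pos = guard.start() if guard else len(code)
    return [code.count("\n", 0, m.start()) + 1
            for m in INCLUDE_RE.finditer(code) if m.start() < guard_pos]


# Constructed samples, not the component's real source.
UNGUARDED = """<?php
// admin file that can be requested directly
require_once($mosConfig_absolute_path . '/administrator/components/com_example/class.php');
"""
GUARDED = """<?php
/* include($mosConfig_absolute_path . '/old.php'); */
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
require_once($mosConfig_absolute_path . '/administrator/components/com_example/class.php');
"""

if __name__ == "__main__":
    print("unguarded:", audit_php(UNGUARDED))
    print("guarded:  ", audit_php(GUARDED))
```

A hit is a lead for manual review, not proof of exploitability: the advisory's precondition that "register_globals" is enabled still applies.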

user deleted

Re: Mambo a6MamboCredits Component File Inclusion Vulnerability

Post by user deleted » Fri Aug 18, 2006 10:54 am

Thanks,

Will add this to the list; http://forum.joomla.org/index.php/topic,79477.0.html

Regards Robin

infograf768
Joomla! Master
Posts: 19133
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: Mambo a6MamboCredits Component File Inclusion Vulnerability

Post by infograf768 » Fri Aug 18, 2006 11:08 am

If similar to A6MamboHelpDesk, that means it is an abandoned extension.
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

elmoch
Joomla! Explorer
Posts: 410
Joined: Fri Aug 26, 2005 10:13 pm
Location: Spain

Re: Mambo a6MamboCredits Component File Inclusion Vulnerability

Post by elmoch » Sat Aug 19, 2006 12:58 am

You can use JM-Credits instead of a6MamboCredits. JM-Credits doesn't have that vulnerability and is much more configurable than a6MamboCredits.

I hope you like it!  ;)
My Extensions: JM-Recommend, JM-Credits, JM-Link Us (for J! 1.0.x). Find them in the 3rd Party Extensions Forum.
Joomla test installation: www.poraqui.net/joomla  User: test  Password: test

user deleted

Re: Mambo a6MamboCredits Component File Inclusion Vulnerability

Post by user deleted » Sat Aug 19, 2006 6:16 am

I mixed up a6Credits and a6Helpdesk, will restore this today on the list!

