Mambo a6MamboCredits Component File Inclusion Vulnerability
Posted: Fri Aug 18, 2006 10:45 am
Secunia Advisory: SA21540
Release Date: 2006-08-18
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: a6MamboCredits 1.x (component for Mambo)
a6MamboCredits 2.x (component for Mambo)
Description:
Charles Nelwan has discovered a vulnerability in the a6MamboCredits component for Mambo, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "mosConfig_absolute_path" parameter in administrator/components/com_a6mambocredits/admin.a6mambocredits.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.
Successful exploitation requires that "register_globals" is enabled.
The vulnerability has been confirmed in version 2.0.0 and has also been reported in version 1.0.0. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
Set "register_globals" to "Off".
Read more: http://secunia.com/advisories/21540/
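To make the "edit the source code" advice concrete, here is an added illustration (not the component's actual source) of the vulnerable include pattern the advisory describes next to a hardened version. The `_VALID_MOS` guard follows the usual Mambo convention; the include target and the `mambo_root_ok()` helper are assumptions for the example.

```php
<?php
// Illustrative only: reconstructs the class of bug in SA21540, not the real file.

// --- Vulnerable pattern ------------------------------------------------
// With register_globals=On, PHP turns a request parameter named
// mosConfig_absolute_path into a global variable. If this file is requested
// directly, nothing has set that variable first, so the request value feeds
// the include (and can name a remote URL or a local file).
//
//   include($mosConfig_absolute_path . '/administrator/includes/admin.php');

// --- Hardened pattern --------------------------------------------------
// 1. Refuse direct requests. Mambo's front controller defines _VALID_MOS
//    before loading any component, so a direct hit on this file dies here
//    whether or not register_globals is enabled.
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');

// 2. Never trust the path blindly, even from the framework global. It must be
//    a string, resolve to a real directory (realpath() returns false for URLs
//    and stream wrappers), and contain a file only a genuine Mambo root has.
//    (Hypothetical helper added for this example.)
function mambo_root_ok($path)
{
    if (!is_string($path) || $path === '') {
        return false;
    }
    $real = realpath($path);
    if ($real === false || !is_dir($real)) {
        return false;
    }
    return is_file($real . DIRECTORY_SEPARATOR . 'configuration.php');
}

// 3. Warn operators when the deployment still runs with register_globals=On,
//    the precondition the advisory names; this is a defensive log line, not
//    a behaviour change.
if (ini_get('register_globals')) {
    error_log('a6MamboCredits: register_globals is On; disable it in php.ini');
}

if (!isset($mosConfig_absolute_path) || !mambo_root_ok($mosConfig_absolute_path)) {
    die('Invalid Mambo installation path.');
}

// Only now build the include from the validated, canonical directory.
$absPath = realpath($mosConfig_absolute_path);
require_once $absPath . '/administrator/includes/admin.php'; // target is assumed
```

Disabling register_globals remains the system-wide fix; the guard and validation above simply stop this file from depending on it.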