| Joomla! http://forum.joomla.org/ |
|
| Mambo a6MamboCredits Component File Inclusion Vulnerability http://forum.joomla.org/viewtopic.php?f=296&t=86978 |
| Author: | smart [ Fri Aug 18, 2006 10:45 am ] |
| Post subject: | Mambo a6MamboCredits Component File Inclusion Vulnerability |
Secunia Advisory: SA21540
Release Date: 2006-08-18
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: a6MamboCredits 1.x (component for Mambo), a6MamboCredits 2.x (component for Mambo)

Description: Charles Nelwan has discovered a vulnerability in the a6MamboCredits component for Mambo, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "mosConfig_absolute_path" parameter in administrator/components/com_a6mambocredits/admin.a6mambocredits.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability has been confirmed in version 2.0.0 and has also been reported in version 1.0.0. Other versions may also be affected.

Solution: Edit the source code to ensure that input is properly verified. Set "register_globals" to "Off".

Read more: http://secunia.com/advisories/21540/ |
|
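For sites still running the component, one way to check web server logs for requests that set the parameter named in the advisory above. This is an added example, not part of the original post or of Secunia's advisory; the combined log format, the helper names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path and parameter named in the advisory quoted above.
VULN_SCRIPT = "administrator/components/com_a6mambocredits/admin.a6mambocredits.php"
PARAM = "mosconfig_absolute_path"
# Assumption: Apache/nginx "combined" access-log format.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def _line(ip, target):  # hypothetical helper that builds a constructed log line
    return f'{ip} - - [18/Aug/2006:10:45:01 +0000] "GET {target} HTTP/1.1" 200 512'

# Constructed sample input (documentation IP ranges, placeholder host).
SAMPLE_LOG = [
    _line("192.0.2.10", f"/{VULN_SCRIPT}?mosConfig_absolute_path=http://example.invalid/x.txt"),
    _line("192.0.2.11", f"/{VULN_SCRIPT}?mosConfig_absolute_path=..%2F..%2Fsome%2Ffile"),
    _line("198.51.100.7", f"/{VULN_SCRIPT}?task=show"),
    _line("198.51.100.8", "/index.php?option=com_content"),
]

def classify(value):
    """Label the supplied value as an external resource, a local path, or other."""
    v = value.lower()
    if re.match(r"[a-z][a-z0-9+.-]*://", v) or v.startswith("//"):
        return "external"
    if ".." in v or v.startswith(("/", "\\")):
        return "local"
    return "other"

def find_hits(lines):
    """Return (ip, kind, value) for requests that set the parameter on the script."""
    # An access log only shows the query string; with register_globals the same
    # variable can also arrive via POST body or cookie, which this check misses.
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not unquote(url.path).lower().endswith(VULN_SCRIPT):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == PARAM:  # case-insensitive so malformed probes show up too
                hits.append((m.group("ip"), classify(value), value))
    return hits

if __name__ == "__main__":
    print(*find_hits(SAMPLE_LOG), sep="\n")
```

Any hit is worth reviewing regardless of the label, since legitimate use of the administrator script never passes this variable in the request.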
| Author: | Robin [ Fri Aug 18, 2006 10:54 am ] |
| Post subject: | Re: Mambo a6MamboCredits Component File Inclusion Vulnerability |
Thanks, Will add this to the list; http://forum.joomla.org/index.php/topic,79477.0.html Regards Robin |
|
| Author: | infograf768 [ Fri Aug 18, 2006 11:08 am ] |
| Post subject: | Re: Mambo a6MamboCredits Component File Inclusion Vulnerability |
If similar to A6MamboHelpDesk, that means it is an abandoned extension. |
|
| Author: | elmoch [ Sat Aug 19, 2006 12:58 am ] |
| Post subject: | Re: Mambo a6MamboCredits Component File Inclusion Vulnerability |
You can use JM-Credits instead of a6MamboCredits. JM-Credits doesn't have that vulnerability and is much more configurable than a6MamboCredits. I hope you like it!
|
|
| Author: | Robin [ Sat Aug 19, 2006 6:16 am ] |
| Post subject: | Re: Mambo a6MamboCredits Component File Inclusion Vulnerability |
I mixed up a6Credits and a6Helpdesk, will restore this today on the list! |
|
| All times are UTC |