Mambo a6MamboCredits Component File Inclusion Vulnerability


smart
Joomla! Enthusiast
Posts: 109
Joined: Thu Aug 18, 2005 1:33 pm
Location: Sebastopol

Mambo a6MamboCredits Component File Inclusion Vulnerability

Postby smart » Fri Aug 18, 2006 10:45 am

Secunia Advisory: SA21540
Release Date: 2006-08-18

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: a6MamboCredits 1.x (component for Mambo)
a6MamboCredits 2.x (component for Mambo)


Description:
Charles Nelwan has discovered a vulnerability in the a6MamboCredits component for Mambo, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "mosConfig_absolute_path" parameter in administrator/components/com_a6mambocredits/admin.a6mambocredits.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 2.0.0 and has also been reported in version 1.0.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Set "register_globals" to "Off".

Read more: http://secunia.com/advisories/21540/
Joomlaportal.ru News, articles and tutorials
Joomlaforum.ru Russian Joomla Support Forum
Member of the Russian Joomla Translation Team
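
A defensive check for the two fixes the advisory names, added here as an example and not code from Secunia, the component or this thread: it flags PHP include/require statements built from $mosConfig_absolute_path that run before Mambo's `defined('_VALID_MOS') or die` direct-access guard or a local assignment, and it reads php.ini text for register_globals. The function names and sample sources are constructed, and the line-based matching is a heuristic.

```python
import re

# Mambo's direct-access guard: defined('_VALID_MOS') or die(...)
GUARD = re.compile(r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)", re.I)
# include/require statement whose path is built from $mosConfig_absolute_path
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*\$mosConfig_absolute_path", re.I)
# the script sets the variable itself, so a request cannot supply it
ASSIGN = re.compile(r"\$mosConfig_absolute_path\s*=(?!=)")

def audit_php(source):
    """Return line numbers of includes that use $mosConfig_absolute_path
    before any guard or local assignment has been seen."""
    findings, safe = [], False
    for lineno, line in enumerate(source.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*", "/*")):
            continue  # ignore comment lines
        if GUARD.search(stripped) or ASSIGN.search(stripped):
            safe = True
        elif not safe and INCLUDE.search(stripped):
            findings.append(lineno)
    return findings

def register_globals_enabled(ini_text):
    """Return True if the last register_globals directive in php.ini text is on.
    An absent directive counts as off (the PHP default since 4.2.0)."""
    enabled = False
    for line in ini_text.splitlines():
        directive = line.split(";", 1)[0]  # drop php.ini comments
        m = re.match(r"\s*register_globals\s*=\s*\"?(\w+)", directive, re.I)
        if m:
            enabled = m.group(1).lower() in ("on", "1", "true", "yes")
    return enabled

# Constructed samples (not the component's real source).
UNGUARDED = """<?php
// hypothetical admin script
require_once($mosConfig_absolute_path . '/administrator/components/com_example/lib.php');
"""
GUARDED = """<?php
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
require_once($mosConfig_absolute_path . '/administrator/components/com_example/lib.php');
"""

if __name__ == "__main__":
    print("unguarded:", audit_php(UNGUARDED))
    print("guarded:  ", audit_php(GUARDED))
    print("register_globals on:", register_globals_enabled("register_globals = On\n"))
```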

Robin
Joomla! Master
Posts: 15753
Joined: Thu Aug 18, 2005 10:41 am

Re: Mambo a6MamboCredits Component File Inclusion Vulnerability

Postby Robin » Fri Aug 18, 2006 10:54 am

Thanks,

Will add this to the list; http://forum.joomla.org/index.php/topic,79477.0.html

Regards Robin

infograf768
Joomla! Master
Posts: 18001
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: Mambo a6MamboCredits Component File Inclusion Vulnerability

Postby infograf768 » Fri Aug 18, 2006 11:08 am

If similar to A6MamboHelpDesk, that means it is an abandoned extension.
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

elmoch
Joomla! Explorer
Posts: 410
Joined: Fri Aug 26, 2005 10:13 pm
Location: Spain

Re: Mambo a6MamboCredits Component File Inclusion Vulnerability

Postby elmoch » Sat Aug 19, 2006 12:58 am

You can use JM-Credits instead of a6MamboCredits. JM-Credits doesn't have that vulnerability and is much more configurable than a6MamboCredits.

I hope you like it!  ;)
My Extensions: JM-Recommend, JM-Credits, JM-Link Us (for J! 1.0.x). Find them in the 3rd Party Extensions Forum.
Joomla test installation: www.poraqui.net/joomla  User: test  Password: test

Robin
Joomla! Master
Posts: 15753
Joined: Thu Aug 18, 2005 10:41 am

Re: Mambo a6MamboCredits Component File Inclusion Vulnerability

Postby Robin » Sat Aug 19, 2006 6:16 am

I mixed up a6Credits and a6Helpdesk, will restore this today on the list!

