Mambo Open Source mod_mainmenu.php Remote File Include Vulnerability
BID:9445
Info
Mambo Open Source mod_mainmenu.php Remote File Include Vulnerability
| Bugtraq ID: | 9445 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 19 2004 12:00AM |
| Updated: | Jan 19 2004 12:00AM |
| Credit: | The disclosure of this issue has been credited to FraMe <[email protected]>. |
| Vulnerable: |
Mambo Mambo Open Source 4.6 CVS Mambo Mambo Open Source 4.5 (1.0.0) |
| Not Vulnerable: | |
Discussion
Mambo Open Source mod_mainmenu.php Remote File Include Vulnerability
It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. The issue exists because remote users may reportedly influence the include path for external scripts by supplying their own value for the 'mosConfig_absolute_path' variable in the 'mod_mainmenu.php' script.
Mambo Open Source versions 4.5 and 4.6 have been reported to be prone to this issue, however other versions could be affected as well.
It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. The issue exists because remote users may reportedly influence the include path for external scripts by supplying their own value for the 'mosConfig_absolute_path' variable in the 'mod_mainmenu.php' script.
Mambo Open Source versions 4.5 and 4.6 have been reported to be prone to this issue, however other versions could be affected as well.
Exploit / POC
Mambo Open Source mod_mainmenu.php Remote File Include Vulnerability
No exploit is required. The following proof of concept has been provided by Yo_Soy - <[email protected]>:
No exploit is required. The following proof of concept has been provided by Yo_Soy - <[email protected]>:
Solution / Fix
Mambo Open Source mod_mainmenu.php Remote File Include Vulnerability
Solution:
The vendor has released an update to address this issue. Customers are advised to upgrade as soon as possible.
Mambo Mambo Open Source 4.5 (1.0.0)
Mambo Mambo Open Source 4.6 CVS
Solution:
The vendor has released an update to address this issue. Customers are advised to upgrade as soon as possible.
Mambo Mambo Open Source 4.5 (1.0.0)
-
Mambo MamboV4.5-Stable.tar.gz
http://prdownloads.sourceforge.net/mambo/MamboV4.5-Stable.tar.gz?downl oad
Mambo Mambo Open Source 4.6 CVS
-
Mambo MamboV4.5-Stable.tar.gz
http://prdownloads.sourceforge.net/mambo/MamboV4.5-Stable.tar.gz?downl oad
References
Mambo Open Source mod_mainmenu.php Remote File Include Vulnerability
References:
References:
- Mambo Open Source Homepage (Mambo)
- Release Name: MOS 4.5 Stable (1.0.2) (Mambo)
- Mambo OS v4.5/v4.6: remote command execution ("FraMe" )