Family: CGI abuses --> Category: attack
Mambo Open Source < 220.127.116.11 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in Mambo Open Source < 18.104.22.168
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is affected by
The installed version of Mambo Open Source on the remote host suffers from the following flaws :
- Session ID Spoofing Vulnerability
An unspecified flaw in the script 'administrator/index3.php' can be exploited to spoof session IDs.
- Local File Disclosure Vulnerability
The 'includes/DOMIT/testing_domit.php' script may be used to read the contents of local files such as Mambo's configuration file, which holds database credentials.
- SQL Injection Vulnerability
The application fails to properly sanitize user-supplied input to the 'user_rating' parameter of the 'components/com_content/content.php' script before using it in SQL statements.
- Multiple Unspecified Injection Vulnerabilities
Various class 'check' methods fail to properly sanitize input, although it is not known precisely what dangers these flaws present.
Solution :
Upgrade to Mambo version 22.214.171.124 or greater.
Medium / CVSS Base Score : 5