Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: attack

Mambo Open Source Tar.php Remote File Include Vulnerability Scan

Vulnerability Scan Summary
Detect Tar.php Remote File Include Vulnerability in Mambo Open Source

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is prone to a remote
file include flaw.

Description :

The version of Mambo Open Source on the remote host fails to properly
sanitize input passed through the 'mosConfig_absolute_path' parameter
of the 'Tar.php' script. Provided PHP's 'register_globals' setting is
enabled, a remote attacker may exploit this vulnerability to cause
code to be executed in the context of the user running the web service
or to read arbitrary files on the target.

See also :

Solution :

Upgrade to Mambo Open Source or later.

Threat Level:

Medium / CVSS Base Score : 6



P.O. Box 827051

Pembroke Pines, FL 33082-7051
