Family: CGI abuses --> Category: attack
Mambo Open Source Tar.php Remote File Include Vulnerability Scan
Vulnerability Scan Summary
Detect Tar.php Remote File Include Vulnerability in Mambo Open Source
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to a remote
file include flaw.
The version of Mambo Open Source on the remote host fails to properly
sanitize input passed through the 'mosConfig_absolute_path' parameter
of the 'Tar.php' script. Provided PHP's 'register_globals' setting is
enabled, a remote attacker may exploit this vulnerability to cause
code to be executed in the context of the user running the web service
or to read arbitrary files on the target.
Solution :
Upgrade to Mambo Open Source 220.127.116.11 or later.
Risk factor :
Medium / CVSS Base Score : 6