Family: CGI abuses --> Category: attack
Mambo Open Source Tar.php Remote File Include Vulnerability Scan
Vulnerability Scan Summary : Detect Tar.php Remote File Include Vulnerability in Mambo Open Source
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is prone to a remote
file include flaw.
Description :
The version of Mambo Open Source on the remote host fails to properly
sanitize input passed through the 'mosConfig_absolute_path' parameter
of the 'Tar.php' script. Provided PHP's 'register_globals' setting is
enabled, a remote attacker may exploit this vulnerability to cause
code to be executed in the context of the user running the web service
or to read arbitrary files on the target.
See also :
http://forum.mamboserver.com/showthread.php?t=32119
http://mamboxchange.com/frs/shownotes.php?group_id=5&release_id=3054
Solution :
Upgrade to Mambo Open Source 4.5.2.1 or later.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)