| VID |
210113 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Mambo Open Source is vulnerable to a local file include vulnerability via the 'mos_user_template' cookie. Mambo Open Source (formerly Mambo Site Server) is an Internet portal and content management software. Mambo Open Source versions prior to 4.6.5 are vulnerable to a SQL injection vulnerability, caused by improper validation of user-supplied input passed to the 'mos_user_template' cookie in the 'index.php' script. If the 'magic_quotes_gpc' option is disabled, this vulnerability could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References:
http://source.mambo-foundation.org/content/view/144/1/
http://secunia.com/advisories/30685
* Platforms Affected:
Miro International Pty Ltd., Mambo Open Source versions prior to 4.6.5
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Mambo Open Source (4.6.5 or later), available from the Mambo Open Source Web site at http://www.mamboserver.com/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
