| VID |
21869 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Mambo Open Source is vulnerable to multiple vulnerabilities which exist in versions 4.5.3h and earlier. Mambo Open Source (formerly Mambo Site Server) is an Internet portal and content management software. Mambo Open Source versions 4.5.3 and 4.5.3h and earlier could allow a remote attacker to view arbitrary files or to execute arbitrary PHP code on the affect host, caused by improper validation of input to the 'mos_user_template' cookie before using it to include PHP code from a file. In addition to this flaw, those softwares are also vulnerable to multiple SQL injection vulnerabilities. If magic_quotes_gpc is disabled, by sending specially-crafted SQL statements to the 'username' parameter in the 'includes/mambo.php' script, the 'task' parameter in 'index2.php' script, and the 'filter' parameter in 'components/com_content/content.php' script, a remote attacker could exploit these vulnerabilities to add, modify, delete information in the back-end database.
* References:
http://www.gulftech.org/?node=research&article_id=00104-02242006
http://archives.neohapsis.com/archives/bugtraq/2006-02/0463.html
http://www.frsirt.com/english/advisories/2006/0719
http://secunia.com/advisories/18935/
* Platforms Affected:
Miro International Pty Ltd., Mambo Open Source versions 4.5.3 and 4.5.3h and earlier
Any operating system Any version |
| Recommendation |
If you are running an earlier version of Mambo than 4.5.3, upgrade the program, and apply the patch for versions 4.5.3 and 4.5.3h, available from the Mambo Web site at http://sourceforge.net/projects/mambo/ |
| Related URL |
CVE-2006-0871 (CVE) |
| Related URL |
16775 (SecurityFocus) |
| Related URL |
24870 (ISS) |
|
