VID | 21936
Severity | 40
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
Joomla! and Mambo are vulnerable to a remote file include vulnerability via the 'mosConfig_absolute_path' parameter. Mambo Open Source (formerly Mambo Site Server) is an Internet portal and content management software package. Joomla! is an open-source content management system written in PHP. Some versions of the components or modules for these programs could allow a remote attacker to include malicious PHP files, because user-supplied input passed to the 'mosConfig_absolute_path' parameter is not properly validated. If the register_globals setting is set to 'on', a remote attacker could send a specially-crafted URL request to execute arbitrary PHP code and operating system commands on the affected host.
* References:
  http://forum.mamboserver.com/showthread.php?t=83001
  http://forum.joomla.org/index.php/topic,75390.msg402249.html#msg402249
  http://extensions.joomla.org/component/option,com_mtree/task,viewlink/link_id,142/Itemid,35/
  http://mamboxchange.com/frs/?group_id=8&release_id=24
  http://mamboxchange.com/projects/extcalendar/
  http://mamboxchange.com/projects/videodb/
  http://mamboxchange.com/projects/htmlarea3xtd/
  http://mamboxchange.com/projects/multibanners/
  http://advisories.echo.or.id/adv/adv38-matdhule-2006.txt
  http://secunia.com/advisories/20949/
  http://www.frsirt.com/english/advisories/2006/2739
  http://www.frsirt.com/english/advisories/2006/2786
  http://milw0rm.com/exploits/1959
  http://milw0rm.com/exploits/2020
  http://milw0rm.com/exploits/2023
  http://milw0rm.com/exploits/2029
* Platforms Affected:
  RsGallery2 version 1.11.2 for Joomla!
  Galleria version 1.0 for Mambo
  ExtCalendar version 2.0 for Joomla!
  pc_cookbook versions 0.3, 1.3.1 for Joomla!
  pc_cookbook versions 0.3, 1.3.1 for Mambo
  SMF Forum version 1.3 for SMF
  perForms version 1.0 for Joomla!
  Sitemap version 2.0 for Mambo
  LoudMouth version 4.0j for MamboXChange
  EXTCalendar versions 0.9.1, 2.0 for MamboXChange
  HTMLArea3 addon - ImageManager version 1.5 for MamboXChange
  MultiBanner version 1.0.1 for MamboXChange
  Any operating system
  Any version |
Recommendation |
No upgrade or patch available as of June 2014. Edit the source code to ensure that input is properly verified.
As a workaround, disable PHP's 'register_globals' setting. |
Related URL | CVE-2006-3396, CVE-2006-3530, CVE-2006-3556 (CVE)
Related URL | 18876, 18919, 18924, 18968, 18991, 19037, 19042, 19044, 19047, 19100 (SecurityFocus)
Related URL | 27418, 27528, 27633, 27641, 27724 (ISS)
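The pattern behind the mosConfig_absolute_path flaw and the source-level fix the recommendation asks for, as an added illustration that is not code from any of the listed components: a Mambo/Joomla extension script that builds an include path from $mosConfig_absolute_path is only safe when that variable came from configuration.php, and under register_globals=On a request parameter of the same name can set it first. The directory layout (components/<name>/<file>.php) and the include target are assumptions.

```php
<?php
// Constructed example, not taken from any affected extension.
// Context: configuration.php sets $mosConfig_absolute_path when the core
// index.php runs. If this file is requested directly, that assignment never
// happens, and with register_globals=On PHP populates the variable from the
// request instead, so the request controls what require_once() loads.

// --- Vulnerable pattern (behaviour described in the advisory) ---
// require_once($mosConfig_absolute_path . '/includes/database.php');

// --- Hardened pattern ---
// 1. Refuse direct access. The core defines _VALID_MOS only when the
//    extension is loaded through index.php, i.e. after configuration.php ran.
defined('_VALID_MOS') or die('Direct access to this location is not allowed.');

// 2. Do not take the site root from a globally scoped variable at all.
//    Derive it from this file's own location, which no request can change.
//    Assumes the layout <site root>/components/<name>/<file>.php.
$siteRoot = dirname(dirname(__DIR__));

// 3. Resolve the include target and confirm it is a local file under the
//    site root before including it. realpath() returns false for a URL,
//    a stream wrapper or a non-existent file, and the prefix check rejects
//    traversal outside the root.
$target = realpath($siteRoot . '/includes/database.php');
if ($target === false || strpos($target, realpath($siteRoot) . DIRECTORY_SEPARATOR) !== 0) {
    die('Invalid include path.');
}
require_once $target;
```

Disabling register_globals (the advisory's workaround) removes the request-to-variable step; steps 1 and 2 remove the dependency on that setting so the extension stays safe regardless of php.ini.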