Mambo Open Source Multiple Vulnerabilities

medium Nessus Plugin ID 21144

Synopsis

The remote web server contains a PHP application that is affected by several issues.

Description

The remote installation of Mambo Open Source fails to sanitize input to the 'mos_user_template' cookie before using it to include PHP code from a local file. An unauthenticated attacker may be able to exploit this issue to view arbitrary files or to execute arbitrary PHP code on the affected host.

In addition, the application similarly fails to sanitize input to the 'username' parameter in the 'includes/mambo.php' script, the 'task' parameter in 'index2.php', and the 'filter' parameter in 'components/com_content/content.php' before using them in SQL statements. Provided PHP's 'magic_quotes_gpc' setting is disabled, an attacker can leverage these issues to manipulate database queries and, for example, log in as any user, including an admin.

Solution

Apply the appropriate security patch listed in the vendor advisory above.

See Also

http://www.gulftech.org/?node=research&article_id=00104-02242006

https://seclists.org/bugtraq/2006/Feb/471

Plugin Details

Severity: Medium

ID: 21144

File Name: mambo_mult_flaws.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 3/27/2006

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/mambo_mos

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/22/2006

Reference Information

CVE: CVE-2006-0871, CVE-2006-1794

BID: 16775