A third-party component for Mambo, Module, or Joomla! is running on the remote host. At least one of these components is a version that is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'mosConfig_absolute_path' parameter before using it to include PHP code. Provided the PHP 'register_globals' setting is enabled, an unauthenticated, remote attacker can exploit this issue to disclose arbitrary files or execute arbitrary PHP code on the remote host, subject to the privileges of the web server user ID.

Detections

Analytics

Mambo / Joomla! Component / Module 'mosConfig_absolute_path' Multiple Parameter Remote File Include Vulnerabilities

high Nessus Plugin ID 22049

Version 1.112