A third-party component for Mambo, Module, or Joomla! is running on the remote host. At least one of these components is a version that is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'mosConfig_absolute_path' parameter before using it to include PHP code. Provided the PHP 'register_globals' setting is enabled, an unauthenticated, remote attacker can exploit this issue to disclose arbitrary files or execute arbitrary PHP code on the remote host, subject to the privileges of the web server user ID.

The remote host contains a third-party Mambo / Joomla component or module.  The version of at least one such component or module installed on the remote host fails to sanitize input to the 'mosConfig_absolute_path' parameter before using it to include PHP code.  Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit these flaws to view arbitrary files on the remote host or to execute arbitrary PHP code, possibly taken from third-party hosts.

ID	Name	Product	Family	Published	Updated	Severity
22049	Mambo / Joomla! Component / Module 'mosConfig_absolute_path' Multiple Parameter Remote File Include Vulnerabilities	Nessus	CGI abuses	7/15/2006	6/4/2024	high
3687	Mambo / Joomla Component / Module mosConfig_absolute_path Parameter Remote File Inclusion	Nessus Network Monitor	CGI	7/24/2006	3/6/2019	medium

Detections

Analytics

Plugins Search

high

medium