Mambo mod_mainmenu.php mosConfig_absolute_path Parameter Remote File Inclusion

high Nessus Plugin ID 12025

Language:

Synopsis

The remote web server contains a PHP application that is affected by a remote file include vulnerability.

Description

There is a flaw in the installed version of Mambo Open Source that may allow an attacker to execute arbitrary remote PHP code on this host because it fails to sanitize input to the 'mosConfig_absolute_path' of 'modules/mod_mainmenu.php' before using it to include PHP code from another file.

Note that, for exploitation of this issue to be successful, PHP's 'register_globals' setting must be enabled.

Solution

Upgrade to Mambo Open Source 4.5 Stable (1.0.2) or later.

See Also

https://seclists.org/bugtraq/2004/Jan/138

http://www.nessus.org/u?472f1d6d

Plugin Details

Severity: High

ID: 12025

File Name: mambo_code_injection.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 1/19/2004

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: No cve available for this vulnerability.

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 8.3

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

Required KB Items: www/mambo_mos

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/18/2004

Reference Information

BID: 9445