Mambo Open Source < 4.5.2.3 Multiple Vulnerabilities

high Nessus Plugin ID 18495

Synopsis

The remote web server contains a PHP application that is affected by multiple issues.

Description

The installed version of Mambo Open Source on the remote host suffers from the following flaws:

- Session ID Spoofing Vulnerability: An unspecified flaw in the script 'administrator/index3.php' can be exploited to spoof session IDs.

- Local File Disclosure Vulnerability: The 'includes/DOMIT/testing_domit.php' script may be used to read the contents of local files such as Mambo's configuration file, which holds database credentials.

- A SQL Injection Vulnerability: The application fails to properly sanitize user-supplied input to the 'user_rating' parameter of the 'components/com_content/content.php' script before using it in SQL statements.

- Multiple Unspecified Injection Vulnerabilities: Various class 'check' methods fail to properly sanitize input, although it's unknown precisely what dangers these flaws present.

Solution

Upgrade to Mambo version 4.5.2.3 or greater.

See Also

https://seclists.org/fulldisclosure/2005/Jun/189

https://secuniaresearch.flexerasoftware.com/advisories/15710

Plugin Details

Severity: High

ID: 18495

File Name: mambo_user_rating_sql_injection.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 6/15/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mambo:mambo

Required KB Items: www/mambo_mos

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 5/5/2005

Reference Information

CVE: CVE-2005-2002

BID: 13966, 14117, 14119