Mambo / Joomla Component / Module mosConfig_absolute_path Parameter Remote File Inclusion

Medium Nessus Network Monitor Plugin ID 3687

Synopsis

The remote web server contains a PHP application that is prone to remote file inclusion attacks.

Description

The remote host contains a third-party Mambo / Joomla component or module. The version of at least one such component or module installed on the remote host fails to sanitize input to the 'mosConfig_absolute_path' parameter before using it to include PHP code. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit these flaws to view arbitrary files on the remote host or to execute arbitrary PHP code, possibly taken from third-party hosts.

Solution

Disable PHP's 'register_globals' setting. Upgrade or patch according to vendor recommendations.

See Also

http://www.securityfocus.com/archive/1/439035/30/0/threaded

http://www.securityfocus.com/archive/1/439451/30/0/threaded

http://www.securityfocus.com/archive/1/439618/30/0/threaded

http://www.securityfocus.com/archive/1/439963/30/0/threaded

http://www.securityfocus.com/archive/1/439997/30/0/threaded

http://www.securityfocus.com/archive/1/440881/30/0/threaded

http://www.securityfocus.com/archive/1/441533/30/0/threaded

http://www.securityfocus.com/archive/1/441538/30/0/threaded

http://www.securityfocus.com/archive/1/441541/30/0/threaded

http://www.securityfocus.com/archive/1/444425/30/0/threaded

http://packetstormsecurity.org/0607-exploits/smf.txt

http://isc.sans.org/diary.php?storyid=1526

http://www.milw0rm.com/exploits/1959

http://www.milw0rm.com/exploits/2020

http://www.milw0rm.com/exploits/2023

http://www.milw0rm.com/exploits/2029

http://www.milw0rm.com/exploits/2083

http://www.milw0rm.com/exploits/2089

http://www.milw0rm.com/exploits/2125

http://www.milw0rm.com/exploits/2196

http://www.milw0rm.com/exploits/2205

http://www.milw0rm.com/exploits/2206

http://www.milw0rm.com/exploits/2207

http://www.milw0rm.com/exploits/2214

http://www.milw0rm.com/exploits/2367

http://www.milw0rm.com/exploits/2613

http://www.milw0rm.com/exploits/3567

http://www.milw0rm.com/exploits/3703

http://www.milw0rm.com/exploits/3753

http://www.milw0rm.com/exploits/4497

http://www.milw0rm.com/exploits/4507

http://www.milw0rm.com/exploits/4521

http://www.milw0rm.com/exploits/5020

http://www.milw0rm.com/exploits/5497

http://www.milw0rm.com/exploits/6003

http://www.milw0rm.com/exploits/7038

http://www.milw0rm.com/exploits/7039

http://www.milw0rm.com/exploits/7040

http://milw0rm.com/exploits/1959

Plugin Details

Severity: Medium

ID: 3687

File Name: 3687.prm

Family: CGI

Published: 2006/07/24

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 22049

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.8

Temporal Score: 5.2

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:W/RC:ND

CVSSv3

Base Score: 6.3

Temporal Score: 6

Vector: CVSS3#AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:W/RC:X

Reference Information

CVE: CVE-2006-3846, CVE-2006-5048, CVE-2007-1702, CVE-2007-3130, CVE-2007-2144, CVE-2007-2319, CVE-2006-3396, CVE-2006-3530, CVE-2006-3556, CVE-2007-2005, CVE-2006-3774, CVE-2006-5045, CVE-2006-3748, CVE-2006-3749, CVE-2006-3750, CVE-2006-3751, CVE-2006-3773, CVE-2006-3947, CVE-2006-3949, CVE-2006-3980, CVE-2006-3995, CVE-2006-4074, CVE-2006-4130, CVE-2006-4195, CVE-2006-4270, CVE-2006-4288, CVE-2006-4553, CVE-2006-4858, CVE-2006-5519, CVE-2006-6962

BID: 24342, 24592, 23529, 23490, 23408, 23113, 23125, 19217, 19222, 19223, 19224, 19233, 19373, 19465, 19505, 19574, 19581, 19725, 20018, 20667, 18705, 18808, 18876, 18919, 18924, 18968, 18991, 19037, 19042, 19044, 19047, 19100