Mambo Open Source index2.php Administrator Password Bypass
2001-07-24T00:00:00
ID: OSVDB:1911
Type: osvdb
Reporter: OSVDB
Modified: 2001-07-24T00:00:00
Description
Vulnerability Description
index2.php in Mambo Site Server allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
Technical Description
Mambo Server 3.0.0 through 3.0.5 stored the global variables insecurely. Versions 3.x are no longer supported. The current version as of December, 2003 is 4.0.14, with 4.5 rc4 available.
Solution Description
Upgrade to version 4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
References
Vendor URL: http://www.mamboserver.com/
ISS X-Force ID: 6910
Generic Exploit URL: http://packetstormsecurity.nl/0107-exploits/mambo_advisorie.txt
Generic Exploit URL: http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html
CVE-2001-1011 (https://vulners.com/cve/CVE-2001-1011)
CERT VU: 847803
Bugtraq ID: 3093
Affected Software
Mambo Server 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5
CVSS
Score: 10.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C