Mambo Open Source banners.php Information Disclosure

2003-09-19T10:53:48
ID OSVDB:2166
Type osvdb
Reporter OSVDB
Modified 2003-09-19T10:53:48

Description

Vulnerability Description

Mambo Open Source contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an attacker calls 'banners.php' without any arguments, which discloses system variables and results in a loss of confidentiality.

Solution Description

Upgrade to version 4.0.14 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/mambo/banners.php
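
A defender-side check for the request pattern above, added here as an example and not part of the original advisory: it scans web server access logs for requests to banners.php that carry no arguments. It assumes combined log format and that legitimate banner requests always include a query string; the function name, sample lines and sample parameter are constructed.

```python
import re
from urllib.parse import urlsplit

# Combined log format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def argless_banner_hits(lines):
    """Return (host, time, method, target, status) for banners.php requests without arguments."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        url = urlsplit(m["target"])
        # Match on the file name so any install prefix (/mambo/, /cms/, ...) is covered.
        if url.path.rsplit("/", 1)[-1].lower() != "banners.php":
            continue
        if url.query:
            continue  # assumption: requests with a query string are normal banner traffic
        hits.append((m["host"], m["time"], m["method"], m["target"], int(m["status"])))
    return hits

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE = [
    '198.51.100.7 - - [19/Sep/2003:10:01:12 +0000] "GET /mambo/banners.php HTTP/1.0" 200 5120 "-" "-"',
    '203.0.113.9 - - [19/Sep/2003:10:02:40 +0000] "GET /mambo/banners.php?id=3 HTTP/1.0" 302 0 "-" "-"',
    '198.51.100.7 - - [19/Sep/2003:10:03:05 +0000] "GET /cms/Banners.php? HTTP/1.0" 200 4980 "-" "-"',
    '203.0.113.9 - - [19/Sep/2003:10:04:00 +0000] "GET /mambo/index.php HTTP/1.0" 200 1000 "-" "-"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for hit in argless_banner_hits(SAMPLE):
        print(*hit)
```

A 200 response with a non-trivial body size on a flagged line is worth reviewing first; POST arguments are not visible in access logs, so flagged POST requests need confirmation from other sources.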

References:

Vendor URL: http://www.mamboserver.com/
Secunia Advisory ID: 9796
Related OSVDB ID: 7485
Related OSVDB ID: 7484
Related OSVDB ID: 7486
Related OSVDB ID: 7487
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-09/0303.html
ISS X-Force ID: 13238
Generic Informational URL: http://www.hackingzone.org/secviewarticle.php?id=11
Bugtraq ID: 8647