Mambo mambo.php 'mos_change_template' Variable Local File Inclusion

2006-02-22T11:08:00
ID OSVDB:23505
Type osvdb
Reporter James Bercegay(security@gulftech.org)
Modified 2006-02-22T11:08:00

Description

Vulnerability Description

Mambo contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to mambo.php not properly sanitizing user input supplied to the 'mos_change_template' variable before using it to build an include path. This may allow an attacker to read arbitrary local files, or to include local files that contain PHP code, which the vulnerable script will then execute.
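As an added illustration (not Mambo's own source and not code from the advisory), the following PHP shows the general pattern the description refers to: a request parameter spliced into an include path, next to a hardened replacement that restricts the value to an existing template directory. Function names, the templates directory layout and the sample inputs are assumptions made for the example.

```php
<?php
// Added illustration, not Mambo's own code. Names, layout and inputs are assumed.

// Unsafe pattern: the template name from the request selects the file to include.
// "../" sequences walk out of the templates directory, so any readable local file
// can be selected. Appending a fixed "/index.php" is not a defence: on PHP builds
// before 5.3.4 a NUL byte in the parameter truncates the path at that point.
function template_path_unsafe(string $templates_dir, string $mos_change_template): string
{
    return $templates_dir . '/' . $mos_change_template . '/index.php';
    // The vulnerable script would then do: include template_path_unsafe(...);
}

// Hardened: accept only a plain directory name, resolve it, and require the
// result to stay inside the templates directory and contain an index.php.
function resolve_template_dir(string $templates_dir, string $requested): ?string
{
    // \z (not $) so a trailing newline cannot slip past the check.
    if (!preg_match('/^[A-Za-z0-9_-]+\z/', $requested)) {
        return null;
    }
    $base = realpath($templates_dir);
    $candidate = realpath($templates_dir . '/' . $requested);
    if ($base === false || $candidate === false) {
        return null;
    }
    // realpath() collapses any traversal; confirm the result is still under $base.
    if (strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($candidate . '/index.php') ? $candidate : null;
}

function load_template_safe(string $templates_dir, string $requested, string $default = 'default'): void
{
    $dir = resolve_template_dir($templates_dir, $requested)
        ?? resolve_template_dir($templates_dir, $default);
    if ($dir === null) {
        http_response_code(500);
        exit('No usable template');
    }
    include $dir . '/index.php';
}

// Demo with a constructed templates tree in a temporary directory.
$tmp = sys_get_temp_dir() . '/tpl_demo_' . getmypid();
mkdir("$tmp/templates/default", 0700, true);
file_put_contents("$tmp/templates/default/index.php", "<?php echo \"default template\\n\";\n");

$inputs = ['default', '../../../../etc/passwd', "default\0", 'default/../default', "default\n"];
foreach ($inputs as $req) {
    $shown = addcslashes($req, "\0\n");
    printf("unsafe path for %-28s: %s\n", $shown, template_path_unsafe("$tmp/templates", $req));
    $dir = resolve_template_dir("$tmp/templates", $req);
    printf("hardened check  %-28s: %s\n", $shown, $dir === null ? 'rejected' : 'ok');
}

// The safe loader falls back to the default template for a rejected request.
load_template_safe("$tmp/templates", '../../../../etc/passwd');

// Clean up the constructed tree.
unlink("$tmp/templates/default/index.php");
rmdir("$tmp/templates/default");
rmdir("$tmp/templates");
rmdir($tmp);
```

The allow-list regex does the real work; the realpath() containment check is a second layer in case the list of accepted characters is ever loosened.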

Solution Description

No upgrade or workaround is known at the time of writing; however, Miro International Pty Ltd. has released a patch to address this vulnerability.

References:

Vendor URL: http://www.mamboserver.com/
Security Tracker: 1015679
Secunia Advisory ID: 18935
Related OSVDB ID: 23503
Related OSVDB ID: 23402
Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00104-02242006
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0464.html
FrSIRT Advisory: ADV-2006-0719
CVE: CVE-2006-0871