Remository for Mambo admin.remository.php mosConfig_absolute_path Variable Remote File Inclusion

ID OSVDB:27903
Type osvdb
Reporter OSVDB
Modified 2006-08-10T07:35:23


Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Solution Description

Upgrade to version 3.26 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes



Vendor URL: Secunia Advisory ID:21477 Mail List Post: FrSIRT Advisory: ADV-2006-3270 CVE-2006-4130 Bugtraq ID: 19465