MambWeather for Mambo Savant2_Plugin_options.php mosConfig_absolute_path Variable Remote File Inclusion

ID OSVDB:29933
Type osvdb
Reporter OSVDB
Modified 2006-10-22T08:03:55


Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

This may be the same issue as Mosets Tree package (OSVDB 28708) which is included in the MambWeather module.

Manual Testing Notes



Secunia Advisory ID:22521 ISS X-Force ID: 29697 Generic Exploit URL: FrSIRT Advisory: ADV-2006-4150 CVE-2006-5519 Bugtraq ID: 20667