Mambo Rssxt Component MosConfig_absolute_path远程文件包含漏洞

Mambo RSSXT是一款基于Mambo的应用模块。 Mambo RSSXT不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是多个脚本对用户提交的'mosConfigabsolutepath'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Mambo RSSXT Component 1.0 http://mamboxchange.com/projects/rssxt/...

PT-2006-5183 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! com rssxt component versions prior to 2.0 Beta 1 Description: The issue concerns remote file inclusion vulnerabilities in the Rssxt component for Joomla!. Remote attackers may be able to execute arbitrary PHP code via a URL in the...