SecurityTracker.com
Category:   Application (Forum/Board/Portal)  >   Mambo Site Server
Vendors:   Mamboserver.com
Mambo Lets Remote Users Traverse the Directory and View Files on the Target System
SecurityTracker Alert ID:  1015176
SecurityTracker URL:  http://securitytracker.com/id/1015176
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 10 2005
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.5 (1.0.x), prior to 4.5 (1.0.9)
Description:   A vulnerability was reported in Mambo. A remote user can download files in certain cases.

If Mambo is installed on a system that has magic_quotes_gpc disabled, then a remote user can supply a specially crafted request that is terminated with a null character to view the contents of arbitrary files on the target system.

Gemma Hughes of ProCheckUp reported this vulnerability.

The original advisory is available at:

http://www.procheckup.com/Vulner_PR0511.php
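
A defender-side check for the request pattern described above, as an added example that is not part of the SecurityTracker advisory or of Mambo's code: it scans web server access logs for query parameters whose decoded value contains a null byte and notes whether a traversal sequence accompanies it. The combined log format, the parameter names and the sample lines are assumptions constructed for illustration; the advisory does not name the affected parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client address and request line of a common/combined-format access log entry (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*"')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2500) is also seen."""
    for _ in range(rounds):
        decoded = unquote(value, encoding="latin-1")
        if decoded == value:
            break
        value = decoded
    return value

def find_null_byte_requests(lines):
    """Return (ip, path, parameter, has_traversal) for each query parameter
    whose decoded value contains a NUL byte."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access log entry
        target = urlsplit(m.group("target"))
        # parse_qsl performs the first round of percent-decoding.
        for name, raw in parse_qsl(target.query, keep_blank_values=True, encoding="latin-1"):
            value = decode_fully(raw)
            if "\x00" in value:
                traversal = "../" in value or "..\\" in value
                hits.append((m.group("ip"), target.path, name, traversal))
    return hits

# Constructed sample log lines (documentation address ranges, invented parameter names).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Nov/2005:10:00:01 +0000] "GET /index.php?option=content&id=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Nov/2005:10:00:09 +0000] "GET /index.php?page=../../example.txt%00 HTTP/1.1" 200 812',
    '198.51.100.7 - - [10/Nov/2005:10:00:12 +0000] "GET /index.php?page=notes%2500.html HTTP/1.1" 200 640',
    '203.0.113.4 - - [10/Nov/2005:10:01:30 +0000] "GET /index.php?q=100%25+off HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in find_null_byte_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 response on a host that ran an affected version with magic_quotes_gpc disabled is worth reviewing alongside the files the web server account could read.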

Impact:   A remote user can view the contents of files in certain cases.
Solution:   The vendor has issued a fix. Users of 4.5 (1.0.x) should upgrade to 4.5 (1.0.9 plus security fix) or upgrade to 4.5.2.3 (the current release).

Users of 4.5.1 or above should move to 4.5.2.3 or install 4.5.3 when it is released.

Vendor URL:  www.mamboserver.com/
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

