header-logo
Suggest Exploit
vendor:
Mambo Site Server
by:
SecurityFocus
2.6
CVSS
LOW
Path Disclosure
200
CWE
Product Name: Mambo Site Server
Affected Version From: 4.0.11
Affected Version To: 4.0.11
Patch Exists: N/A
Related CWE: N/A
CPE: a:mambo:mambo_site_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Mambo Site Server Path Disclosure Vulnerability

A vulnerability has been discovered in Mambo Site Server. Requesting the 'index.php' script with an invalid parameter will cause an error page to be generated containing the path of the Mambo script. Information obtained by exploiting this issue may aid an attacker in launching further attacks against a target server.

Mitigation:

Ensure that all parameters passed to the 'index.php' script are valid.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6387/info

A vulnerability has been discovered in Mambo Site Server. Requesting the 'index.php' script with an invalid parameter will cause an error page to be generated containing the path of the Mambo script.

Information obtained by exploiting this issue may aid an attacker in launching further attacks against a target server.

It should be noted that this vulnerability was reported in Mambo Site Server 4.0.11. It is not yet known whether other versions are affected.

http://www.example.com/mambo/index.php?Itemid=invalidparameter

Navigation

Suggest Exploit

Services By CQR