vendor:
MAMBO & Joomla NFN Address Book
by:
Cold z3ro
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: MAMBO & Joomla NFN Address Book
Affected Version From: 0.4
Affected Version To: 0.4
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
MAMBO & Joomla NFN Address Book v0.4 (nfnaddressbook.php) Remote File Include Vulnerabilities
The vulnerability allows an attacker to include remote files in the nfnaddressbook.php script. By manipulating the 'mosConfig_absolute_path' parameter, an attacker can execute malicious code hosted on a remote server.
Mitigation:
Update to a patched version of the software or apply a fix provided by the vendor. Remove any unnecessary file inclusion functionality from the code.