FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mambo -- "register_globals" emulation layer overwrite vulnerability

Affected packages
mambo < 4.5.3
VuXML ID ffb82d3a-610f-11da-8823-00123ffe8333
Discovery 2005-11-17
Entry 2005-11-30

A Secunia Advisory reports:

peter MC tachatte has discovered a vulnerability in Mambo, which can be exploited by malicious people to manipulate certain information and compromise a vulnerable system.

The vulnerability is caused by an error in the "register_globals" emulation layer in "globals.php" where certain arrays used by the system can be overwritten. This can be exploited to include arbitrary files from external and local resources via the "mosConfig_absolute_path" parameter.

Successful exploitation requires that "register_globals" is disabled.
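The pattern the advisory describes, as an added illustration that is not Mambo's globals.php and not part of the VuXML entry: a naive emulation layer that copies every request variable into the global scope (so a request parameter named mosConfig_absolute_path replaces the trusted configuration value that later include paths are built from), beside a hardened variant that refuses to shadow existing state. Function names, the protected-name list and the sample request are assumptions.

```php
<?php
// Hypothetical illustration of a register_globals emulation layer.
// Trusted configuration that the rest of the application builds
// include paths from.
$mosConfig_absolute_path = '/var/www/mambo';

function emulate_register_globals_naive(array $request): void
{
    // Emulation only runs when the real directive is off, which is why
    // the advisory says exploitation requires register_globals disabled.
    if (ini_get('register_globals')) {
        return;
    }
    // Every request key becomes a global, including ones that already
    // hold configuration; an attacker-controlled value now reaches any
    // later require_once($mosConfig_absolute_path . '/...').
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

function emulate_register_globals_hardened(array $request): void
{
    if (ini_get('register_globals')) {
        return;
    }
    // Names that request data must never define or overwrite:
    // PHP superglobals, configuration variables, and anything already set.
    $protected = ['GLOBALS', '_SERVER', '_GET', '_POST', '_COOKIE',
                  '_FILES', '_ENV', '_REQUEST', '_SESSION'];
    foreach ($request as $name => $value) {
        if (in_array($name, $protected, true)
            || strncmp($name, 'mosConfig_', 10) === 0
            || array_key_exists($name, $GLOBALS)) {
            continue; // drop it instead of shadowing existing state
        }
        $GLOBALS[$name] = $value;
    }
}

// Constructed request carrying the parameter named in the advisory.
$request = ['mosConfig_absolute_path' => '/tmp/untrusted', 'page' => 'home'];

emulate_register_globals_hardened($request);
var_dump($mosConfig_absolute_path === '/var/www/mambo'); // bool(true): kept
var_dump(isset($page));                                  // bool(true): harmless key imported

emulate_register_globals_naive($request);
var_dump($mosConfig_absolute_path === '/tmp/untrusted');   // bool(true): overwritten
```

The decisive check in the hardened version is the refusal to assign a name that already exists in $GLOBALS or carries the configuration prefix; a whitelist of expected request keys is stricter still where the application can enumerate them.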