Title: Mambo Open Source Remote File Include Vulnerability
Severity: HIGH
Description:
Mambo is an Open Source Web-based content management system written in PHP.
Mambo is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
If 'register_globals' is off, a remote attacker can supply arbitrary values to multiple 'GLOBALS' parameters of the 'global.php' script. This permits attackers to specify remotely-hosted script files to be executed in the context of the Web server hosting the vulnerable software.
An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
Update: Reportedly, this issue is being actively exploited in the wild; multiple Web sites have been defaced, and the issue described in this BID is being cited as the attackers method of entry.
Update 12/5/2005 - Reports indicate that a bot is propagating in the wild by exploiting this vulnerability. Please see the References section for further details.
Affected Products:
- Joomla Joomla 1.0.0
- Joomla Joomla 1.0.1
- Joomla Joomla 1.0.2
- Joomla Joomla 1.0.3
- Mambo Mambo Site Server 4.0.0
- Mambo Mambo Site Server 4.0.10
- Mambo Mambo Site Server 4.0.11
- Mambo Mambo Site Server 4.0.12
- Mambo Mambo Site Server 4.0.12 BETA
- Mambo Mambo Site Server 4.0.12 BETA 2
- Mambo Mambo Site Server 4.0.12 RC1
- Mambo Mambo Site Server 4.0.12 RC2
- Mambo Mambo Site Server 4.0.12 RC3
- Mambo Mambo Site Server 4.0.14
References:
- Joomla: Joomla 1.0.4 Changelog
- Mambo: Mambo Changelog
- Mambo: Mambo Open Source Homepage
- peter MC tachatte <slythers@gmail.com>: [Full-disclosure] mambo remote code sexecution
- ezPortal/ztml: ezPortal/ztml Homepage