VULHUB ™

It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. The issue exists because remote users may reportedly influence the include path for external scripts by supplying their own value for the 'mosConfig_absolute_path' variable in the 'mod_mainmenu.php' script. Mambo Open Source versions 4.5 and 4.6 have been reported to be prone to this issue, however other versions could be affected as well.

It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. The issue exists because remote users may reportedly influence the include path for external scripts by supplying their own value for the 'mosConfig_absolute_path' variable in the 'mod_mainmenu.php' script. Mambo Open Source versions 4.5 and 4.6 have been reported to be prone to this issue, however other versions could be affected as well.