VULHUB ™

A problem with Mambo Site Server may make it possible for remote attackers to upload files to a vulnerable system. Due to inadequate security checks performed by some PHP scripts, an attacker is able to upload arbitrary files to the system. The scripts only check to see whether certain image extensions exist in the filename. As such any file that includes the allowed extensions may be uploaded. Given the ability to upload arbitrary files to the host, an attacker can exploit this vulnerability to upload malicious applications to the vulnerable system or use the system for the storage of files.

A problem with Mambo Site Server may make it possible for remote attackers to upload files to a vulnerable system. Due to inadequate security checks performed by some PHP scripts, an attacker is able to upload arbitrary files to the system. The scripts only check to see whether certain image extensions exist in the filename. As such any file that includes the allowed extensions may be uploaded. Given the ability to upload arbitrary files to the host, an attacker can exploit this vulnerability to upload malicious applications to the vulnerable system or use the system for the storage of files.