Kw3[R]Ln has discovered a vulnerability in the MOD_CBSMS module for Mambo, which can be exploited to compromise a machine serving Mambo CMS.

Input passed to the "mosConfig_absolute_path" parameter in mod_cbsms_messages.php is not properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input passed to "mosConfig_absolute_path" is properly sanitized or simply set "register_globals" to "Off".

Via Secunia
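
One way to apply the source-code fix described above, as an added example that is not the actual mod_cbsms_messages.php code. The helper names `cbsms_request_sets` and `cbsms_safe_path` and the file name `cbsms.lib.php` are hypothetical; `_VALID_MOS` is the constant Mambo defines before it loads modules.

```php
<?php
// Added illustration, not the real mod_cbsms_messages.php source.
// Constructed form of the flaw: with register_globals on, a request parameter
// can pre-set the variable that builds the include path:
//     include($mosConfig_absolute_path . '/some/file.php');
// Server-side mitigation from the advisory (php.ini): register_globals = Off

// Hypothetical helper: true if the client supplied a variable of this name.
function cbsms_request_sets($name, array $sources)
{
    foreach ($sources as $src) {
        if (array_key_exists($name, $src)) {
            return true;
        }
    }
    return false;
}

// Hypothetical helper: canonical path of $relative under $base, or null.
function cbsms_safe_path($base, $relative)
{
    $root = realpath($base); // false for URLs and for missing directories
    if ($root === false || !is_dir($root)) {
        return null;
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $full = realpath($prefix . $relative);
    if ($full === false || !is_file($full) || strpos($full, $prefix) !== 0) {
        return null; // missing file, or resolved outside the base via ../
    }
    return $full;
}

if (PHP_SAPI !== 'cli') {
    // Module entry point: refuse direct requests that bypass Mambo's index.php.
    defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
    if (cbsms_request_sets('mosConfig_absolute_path', array($_GET, $_POST, $_COOKIE))) {
        die('Illegal variable override.');
    }
    // 'cbsms.lib.php' is a placeholder file name.
    $file = cbsms_safe_path($mosConfig_absolute_path, 'modules/mod_cbsms/cbsms.lib.php');
    if ($file === null) {
        die('Invalid include path.');
    }
    require_once $file;
} else {
    var_dump(cbsms_safe_path('http://example.invalid/x', 'a.php')); // URL as base
    var_dump(cbsms_safe_path(__DIR__, basename(__FILE__)) === realpath(__FILE__));
}
```

The direct-access guard and the request-variable check each stop the override on their own; the `realpath()` containment check additionally limits includes to local files under the configured base directory.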