Kw3[R]Ln has discovered a vulnerability in the MOD_CBSMS module for Mambo, which can be exploited to compromise a machine serving Mambo CMS.

Input passed to the “mosConfig_absolute_path” parameter in mod_cbsms_messages.php isn’t properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

Successful exploitation requires that “register_globals” is enabled.

The vulnerability has been confirmed in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input passed to “mosConfig_absolute_path” is properly sanitized, or simply set “register_globals” to “Off”.

via Secunia
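The following is an added illustration, not code from the mod_cbsms module or from Secunia. It contrasts the include pattern the advisory describes (a path taken from a variable that register_globals lets a request populate) with a hardened version. The `_VALID_MOS` guard is the usual Mambo pattern for refusing direct requests to a module file; the include file name and the `safeIncludePath()` helper are assumptions introduced here for the example.

```php
<?php
// Added example: contrasts the vulnerable include shape with a hardened one.
// The file name PLACEHOLDER_helper.php is a placeholder, not a real module path.

// --- Vulnerable shape ------------------------------------------------------
// With register_globals=On, PHP turns a request parameter named
// mosConfig_absolute_path into the variable $mosConfig_absolute_path before
// any code runs. If the module file is requested directly, the CMS never
// loaded its own configuration, so the variable (and the include path built
// from it) is whatever the request supplied: local or remote file inclusion.
//
//   require_once($mosConfig_absolute_path . '/PLACEHOLDER_helper.php');

// --- Hardened shape --------------------------------------------------------

// 1. Refuse direct requests. Mambo's front controller defines _VALID_MOS
//    before it loads modules; a request aimed straight at this file does not
//    have it and stops here, so the configuration has always been loaded
//    (and $mosConfig_absolute_path set server-side) by the time we continue.
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');

// 2. Resolve the include target against the install root and reject anything
//    that escapes it. realpath() returns false for non-existent paths, which
//    covers URL wrappers such as http:// and ftp://, and it collapses ../
//    sequences so the prefix check below sees the real location.
//    (Hypothetical helper, added for this example.)
function safeIncludePath($installRoot, $relativeFile)
{
    $root = realpath($installRoot);
    if ($root === false) {
        throw new RuntimeException('install root does not exist');
    }
    $target = realpath($root . DIRECTORY_SEPARATOR . $relativeFile);
    if ($target === false
        || strpos($target, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('refusing to include a file outside the install root');
    }
    return $target;
}

// $mosConfig_absolute_path now comes from the CMS configuration file, not
// from the request, and the helper still refuses to leave the install root.
require_once safeIncludePath($mosConfig_absolute_path, 'PLACEHOLDER_helper.php');
```

The guard addresses the condition the advisory names (direct access with register_globals on); the path check is defence in depth and costs nothing when the variable is legitimate. Independently of any code change, setting `register_globals = Off` in php.ini removes the mechanism by which a request parameter becomes a PHP variable in the first place, which is the second remedy the advisory gives.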