Kw3[R]Ln has discovered a vulnerability in the MOD_CBSMS module for Mambo, which can be exploited to compromise a machine serving Mambo CMS.

Input passed to the "mosConfig_absolute_path" parameter in mod_cbsms_messages.php is not properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input passed to "mosConfig_absolute_path" is properly sanitized, or simply set "register_globals" to "Off".

via Secunia
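
A way to check both halves of the solution on a server, as an added example that is not part of the advisory or the module's code: it reads php.ini text for the effective "register_globals" setting and flags include/require statements built from `$mosConfig_absolute_path` that are not preceded by a direct-access guard. The `_VALID_MOS` guard is assumed to be the convention the module should follow, a missing directive is treated as Off (the PHP default since 4.2.0), and all sample inputs are constructed.

```python
import re

_TRUE = {"on", "1", "true", "yes"}  # php.ini values PHP treats as enabled
# Uncommented register_globals directive (lines starting with ';' are comments)
_DIRECTIVE = re.compile(r"^\s*register_globals[ \t]*=[ \t]*\"?([^\s\";]*)", re.I | re.M)
# include/require whose path expression uses the variable named in the advisory
_INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*\$mosConfig_absolute_path", re.I)
# Direct-access guard (assumption: the usual Mambo _VALID_MOS check)
_GUARD = re.compile(r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*die", re.I)


def register_globals_enabled(ini_text):
    """True if the last uncommented register_globals directive is on."""
    values = _DIRECTIVE.findall(ini_text)
    return bool(values) and values[-1].lower() in _TRUE


def unguarded_includes(php_source):
    """Return (line_no, text) for includes built from $mosConfig_absolute_path
    that appear before any direct-access guard. Line-based heuristic."""
    findings, guarded = [], False
    for no, line in enumerate(php_source.splitlines(), 1):
        code = line.split("//", 1)[0]  # ignore trailing // comments
        if _GUARD.search(code):
            guarded = True
        elif not guarded and _INCLUDE.search(code):
            findings.append((no, line.strip()))
    return findings


# Constructed samples, not the real php.ini or module source
SAMPLE_INI = "; register_globals = Off\nregister_globals = On\n"
SAMPLE_UNGUARDED = """<?php
// constructed stand-in for a module file
require_once($mosConfig_absolute_path . '/components/com_example/lang.php');
"""
SAMPLE_GUARDED = """<?php
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
require_once($mosConfig_absolute_path . '/components/com_example/lang.php');
"""

if __name__ == "__main__":
    print("register_globals on:", register_globals_enabled(SAMPLE_INI))
    for no, text in unguarded_includes(SAMPLE_UNGUARDED):
        print(f"line {no}: {text}")
    print("guarded findings:", unguarded_includes(SAMPLE_GUARDED))
```

A file is only reported when the include appears before any guard, so a guard added below the include still produces a finding.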