HTTP: Mambo Path Inclusion
This signature detects attempts to exploit a known vulnerability against Mambo, an online publishing application. Mambo 4.5.2 and prior versions are vulnerable. Attackers can send a malicious HTTP request to the Mambo Web server to cause arbitrary code execution.
Extended Description
Mambo is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access. Update: Reportedly, this issue is being actively exploited in the wild; multiple Web sites have been defaced, and the issue described in this BID is being cited as the attackers method of entry. Update 12/5/2005 - Reports indicate that a bot is propagating in the wild by exploiting this vulnerability.
Affected Products
Alstrasoft template_seller_pro
Short Name
HTTP:PHP:MAMBO-PATH-INCL
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2005-3738 CVE-2008-2905 Inclusion Mambo Path bid:15461 bid:29716
Release Date
12/05/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Joomla
Alstrasoft
Mambo
CVSS Score
2.6
6.8