UHP for Mambo and Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to footer.php not properly sanitizing user input supplied to the "mosConfig_absolute_path" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Upgrade to version 0.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Bugtraq ID: 19233
• CVE ID: 2006-3995 (see also: NVD)
• Milw0rm: 2089
• Exploit Database: 2089
• Secunia Advisory ID: 21305
• Related OSVDB ID: 27651 28111 28112 28113
• ISS X-Force ID: 28080
• VUPEN Advisory: ADV-2006-3056
• Vendor Specific News/Changelog Entry: http://forum.joomla.org/index.php/topic,79477.0.html
• Vendor URL: http://www.ravenswoodit.co.uk/index.php?option=com_docman&task=cat_view&gid=76&Itemid=13
• Keyword: User Home Pages (UHP)

• Kurdish Security -   -