OSVDB ID: 28084

Title: anjel for Mambo anjel.index.php mosConfig_absolute_path Parameter Remote File Inclusion

Info

Disclosure

Aug 17, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

anjel component for Mambo has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the anjel.index.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. However, subsequent examination shows the variable is set in configuration.php and can not be manipulated by an attacker.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related, Myth / Fake

Solution

The vulnerability reported is incorrect. No solution required.

Products

MamboXChange

anjel for Mambo

Unknown or Unspecified

References

CVE ID: 2006-4280 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0360.html
http://archives.neohapsis.com/archives/bugtraq/2006-08/0441.html

Credit

Crackers_child - cashr00thotmail.com - http://www.sibersavascilar.com/

Direct URL: http://osvdb.org/28084