OSVDB ID: 1911

Title: Mambo Open Source index2.php Administrator Password Bypass

Dates

Disclosure: Jul 24, 2001
Discovery: Jul 24, 2001
Exploit: Jul 24, 2001
Solution: Unknown

Description

index2.php in Mambo Site Server allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.

Classification

Location: Remote/Network Access Required
OSVDB: Web Related

Solution

Upgrade to version 4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mambo Open Source

Mambo Server

3.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218