SECUNIA ADVISORY ID: SA28251
VERIFY ADVISORY: http://secunia.com/advisories/28251/
CRITICAL: Highly critical
IMPACT: Unknown, Cross Site Scripting, System access
SOFTWARE: Mambo 4.x - http://secunia.com/product/872/
DESCRIPTION: Some vulnerabilities have been reported in Mambo, one with an unknown impact and others, which can be exploited by malicious people to conduct cross-site scripting attacks or to compromise a vulnerable system. The vulnerabilities are reported in version 4.6.2. Prior versions may also be affected.
1) A vulnerability is caused due to the use of a vulnerable copy of PHPMailer. For more information: SA25626
2) Input passed to unknown parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that the target user has valid administrator credentials.
3) A vulnerability is caused due to unknown errors in the template chooser functionality. No further information is currently available.
SOLUTION: Update to version 4.6.3.
PROVIDED AND/OR DISCOVERED BY: 1) Originally reported in PHPMailer by Thor Larholm. 2, 3) Reported by the vendor.
ORIGINAL ADVISORY: http://source.mambo-foundation.org/content/view/134/1/
OTHER REFERENCES: SA25626: http://secunia.com/advisories/25626/
|
This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3183
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3183