CERTA-2008-AVI-280

Vulnerability from certfr_avis

Several vulnerabilities affecting Mambo allow various injections to be carried out.

Description

Three vulnerabilities have been discovered in Mambo:

  • SQL injection is possible via the articleid and mcname parameters of the index.php file. This vulnerability can be exploited only if the magic_quotes_gpc feature is disabled in the PHP configuration file;
  • the HTTP headers of responses sent by the server can be manipulated;
  • cross-site scripting attacks are possible in MOStlyCE (versions 3.0 and earlier). Mambo version 4.6.4 includes MOStlyCE version 3.05.

Solution

Update Mambo to version 4.6.4 (see the Documentation section).

Mambo versions 4.6.3 and earlier.


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eMambo\u003c/SPAN\u003e versions 4.6.3 et  ant\u00e9rieures.\u003c/P\u003e",
  "content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mambo :\n\n-   une injection de code SQL est possible via les param\u00e8tres articleid\n    et mcname du fichier index.php. L\u0027exploitation de cette\n    vuln\u00e9rabilit\u00e9 n\u0027est possible que si la fonctionnalit\u00e9\n    magic_quotes_gpc est d\u00e9sactiv\u00e9e dans le fichier de configuration de\n    PHP ;\n-   les ent\u00eates HTTP des r\u00e9ponses envoy\u00e9es par le serveur peuvent \u00eatre\n    manipul\u00e9es ;\n-   des attaques de type cross-site scripting sont possibles dans\n    MOStlyCE (versions 3.0 et ant\u00e9rieures). La versions 4.6.4 de Mambo\n    inclut MOStlyCE version 3.05.\n\n## Solution\n\nMettre Mambo \u00e0 jour en version 4.6.4 (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2497"
    },
    {
      "name": "CVE-2008-2498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2498"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE-2008-2498 :",
      "url": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2498"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE-2008-2497 :",
      "url": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2497"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement de Mambo    version 4.6.4 :",
      "url": "http://mambo-code.org/gf/project/mambo/frs/"
    }
  ],
  "reference": "CERTA-2008-AVI-280",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-05-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injections de code indirectes ( cross-site scripting )"
    },
    {
      "description": "Injection de code SQL"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant \u003cspan class=\"textit\"\u003eMambo\u003c/span\u003e\npermettent de r\u00e9aliser diverses injections.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Mambo",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce de la version 4.6.4 de Mambo du 24 mai 2008",
      "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
    }
  ]
}

