Published: 2002-12-31 00:00:00
Last revised: 2008-09-05 16:32:49

[Original] Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message.

[CNNVD] Mambo Site Server Remote Software Installation Path Disclosure Vulnerability (CNNVD-200212-448)

        Mambo Site Server is a free, open-source web content management tool written in PHP.

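- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [No impact on the confidentiality of the system]
Integrity impact: PARTIAL [May allow system files to be modified]
Availability impact: NONE [No impact on the availability of the system]
Attack complexity: LOW [No access restrictions apply to exploiting the vulnerability]
Attack vector: NETWORK [The attacker does not need internal network access or local access]
Authentication: NONE [No authentication is required to exploit the vulnerability]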

- CWE (Weakness Category)

CWE-200 [Information Exposure]

- CPE (Affected Platforms and Products)


- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(PATCH)  BID  6387
(UNKNOWN)  XF  mambo-index-path-disclosure(10856)
(UNKNOWN)  BUGTRAQ  20021212 Multiple Mambo Site Server sec-weaknesses

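- Vulnerability Information

Mambo Site Server Remote Software Installation Path Disclosure Vulnerability
Medium severity  Input validation
2002-12-31 00:00:00 2002-12-31 00:00:00
        Mambo Site Server is a free, open-source web content management tool written in PHP.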

- Advisory and Patches

        * Modify the php.ini setting:
        display_errors = Off
        Mambo Mambo Site Server 4.0.11:
        Mambo Upgrade mamboV4.0.12-BETA.tar.gz

- Vulnerability Information (22087)

Mambo Site Server 4.0.11 Path Disclosure Vulnerability (EDBID:22087)
php webapps
2002-12-12 Verified
0 euronymous
N/A

A vulnerability has been discovered in Mambo Site Server. Requesting the 'index.php' script with an invalid parameter will cause an error page to be generated containing the path of the Mambo script.

Information obtained by exploiting this issue may aid an attacker in launching further attacks against a target server.

It should be noted that this vulnerability was reported in Mambo Site Server 4.0.11. It is not yet known whether other versions are affected.

- Vulnerability Information

Mambo Site Server index.php Itemid Variable Path Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability Description

Mambo Site Server contains a flaw that may lead to an unauthorized information disclosure. This flaw exists because the application does not validate 'Itemid' variables upon submission to the 'index.php' script. It is possible for a remote attacker to send a specially crafted request to the 'index.php' script which would cause an error message to be returned that reveals the installation path, resulting in a loss of confidentiality.
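
Added example (not part of the original advisory and not Mambo's code): a defender's regression check that scans captured HTTP response bodies for PHP error output exposing a filesystem path, the leak described above, and redacts it. It assumes PHP's default error format; the sample bodies, path and error message are constructed for illustration.

```python
import re

# PHP's default error output, HTML or plain text, e.g.
#   <b>Warning</b>:  message in <b>/path/file.php</b> on line <b>12</b>
PHP_ERROR_RE = re.compile(
    r"(?:<b>)?(?P<level>Fatal error|Parse error|Warning|Notice)(?:</b>)?:\s+"
    r"(?P<message>[^\r\n]*?)\s+in\s+(?:<b>)?"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])[^<>\r\n]*?)(?:</b>)?"
    r"\s+on line\s+(?:<b>)?(?P<line>\d+)",
    re.IGNORECASE,
)

# Constructed sample bodies (assumed path and message, not real Mambo output).
SAMPLE_LEAKY = (
    "<html><body><br />\n"
    "<b>Warning</b>:  Supplied argument is not a valid MySQL result resource in "
    "<b>/home/example/public_html/mambo/index.php</b> on line <b>123</b><br />\n"
    "</body></html>"
)
SAMPLE_CLEAN = "<html><body><p>Item not found.</p></body></html>"


def find_path_leaks(body):
    """Return one record per PHP error in body that exposes a filesystem path."""
    return [
        {"level": m.group("level"), "path": m.group("path"), "line": int(m.group("line"))}
        for m in PHP_ERROR_RE.finditer(body)
    ]


def redact_paths(body, placeholder="[path redacted]"):
    """Replace leaked paths, e.g. before storing responses in tickets or logs."""
    return PHP_ERROR_RE.sub(
        lambda m: m.group(0).replace(m.group("path"), placeholder), body
    )


if __name__ == "__main__":
    # Compare a response captured with display_errors on against one with it off.
    for name, body in (("display_errors=On", SAMPLE_LEAKY), ("display_errors=Off", SAMPLE_CLEAN)):
        leaks = find_path_leaks(body)
        print(name, "->", leaks if leaks else "no path disclosed")
```

Running the check against responses collected before and after setting display_errors = Off confirms that the error text no longer reaches clients.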

- Timeline

2002-12-12 Unknown
2002-12-12 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related References

- Vulnerability Author