PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mambowiki | Mamboxchange | 0.9.4 (including) | 0.9.4 (including) |
| Mambowiki | Mamboxchange | 0.9.6 (including) | 0.9.6 (including) |
References
- http://securityreason.com/securityalert/1436
- http://www.lyquidity.com/mambo/index.php?option=com_mambowiki\u0026Itemid=134
- http://www.securityfocus.com/archive/1/443706/100/0/threaded
- http://www.securityfocus.com/bid/19594
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28463
- https://www.exploit-db.com/exploits/2213
- http://securityreason.com/securityalert/1436
- http://www.lyquidity.com/mambo/index.php?option=com_mambowiki\u0026Itemid=134
- http://www.securityfocus.com/archive/1/443706/100/0/threaded
- http://www.securityfocus.com/bid/19594
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28463
- https://www.exploit-db.com/exploits/2213