Mambo Site Server Administrator Password Bypass Vulnerability

Mambo Site Server is a PHP- and MySQL-based tool for website content management and administration.

Versions of Mambo Site Server make insecure use of global variables in URLs used to authenticate a remote Mambo administrator through HTTP.

This flaw allows any user to access the Mambo server's administration functions, which can compromise the site's function and the confidentiality of its data, and could allow a hostile user to obtain sensitive information that could be used to further compromise the host.


Copyright 2010, SecurityFocus