Description: A vulnerability has been reported in Mambo, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "GLOBALS['mosConfig_absolute_path']" parameter in "Tar.php" is not properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources. Successful exploitation requires that "register_globals" is enabled.
web-apps, pls verify/bump
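The two conditions in the description above (an include path built from a variable, and "register_globals" enabled) can be audited on a host. The following Python sketch is an added example, not part of the original report and not Mambo code; the function names, the sample php.ini fragment and the sample PHP file are constructed for illustration, and only explicitly set ini values are read (compiled-in defaults are not modelled).

```python
import re

# php.ini directives that together make the reported include bug reachable:
# register_globals lets request input overwrite script variables, and the
# allow_url_* switches let include() fetch a remote resource.
# Assumption: only explicit settings are read, PHP's defaults are not modelled.
RISKY = ("register_globals", "allow_url_fopen", "allow_url_include")
ON = {"1", "on", "yes", "true"}

INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\b\s*\(?\s*([^;]*)", re.IGNORECASE)

def risky_ini_settings(ini_text):
    """Return the risky directives that are switched on (last value wins)."""
    state = {}
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts an ini comment
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in RISKY:
            state[key.lower()] = value.strip('"').lower() in ON
    return [name for name in RISKY if state.get(name)]

def variable_includes(php_source):
    """Return (line_number, statement) for includes whose path uses a variable."""
    hits = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        code = line.split("//", 1)[0]            # drop trailing line comments
        match = INCLUDE_RE.search(code)
        if match and "$" in match.group(1):
            hits.append((number, code.strip()))
    return hits

# Constructed sample input, not taken from Mambo or from a real server.
SAMPLE_INI = """\
; constructed php.ini fragment
register_globals = On
allow_url_fopen = On
display_errors = Off
"""
SAMPLE_PHP = """\
<?php
// constructed file that mimics the pattern named in the advisory
require_once 'lib/constants.php';
include($GLOBALS['mosConfig_absolute_path'] . '/lib/helper.php');
"""

if __name__ == "__main__":
    print("enabled risky directives:", risky_ini_settings(SAMPLE_INI))
    for number, statement in variable_includes(SAMPLE_PHP):
        print(f"line {number}: {statement}")
```

A flagged include is a review candidate, not a confirmed flaw: the path variable may be assigned from a trusted constant before use.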
We are not vulnerable, as we don't have Mambo 4.5.2 in the tree. However, I'll get Mambo 4.5.2.1 into the tree as quickly as possible, as a precaution.

Best regards,
Stu
Mambo 4.5.2 now in Portage.
Thanks Stuart. This package was never marked stable on any archs; closing without GLSA.