CVE-2005-4156

Name of the Vulnerable Software and Affected Versions Mambo versions 4.5 (1.0.0) through 4.5 (1.0.9)

Description The issue allows remote attackers to read arbitrary files and possibly cause a denial of service. This can be achieved by sending a query string that ends with a NULL character, when magic quotes gpc is disabled.

Recommendations For Mambo versions 4.5 (1.0.0) through 4.5 (1.0.9), enable magic quotes gpc to prevent exploitation. As a temporary workaround, consider restricting access to sensitive files and directories until a fix is available.