PT-2003-2190 · Mambo · Mambo
Published
2003-12-31
·
Updated
2017-07-11
·
CVE-2003-1245
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mambo version 4.0.12
Description
The issue allows remote attackers to gain administrator access. This is achieved by making a URL request where the
session id is set to the MD5 hash of a session cookie.Recommendations
For Mambo version 4.0.12, consider restricting access to the
index2.php file until a patch is available. As a temporary workaround, avoid using the session id parameter in URL requests to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mambo