[VIM] vendor ack for "mambo-phphop Product Scroller Module R.F.I"
security curmudgeon
jericho at attrition.org
Thu Aug 24 05:42:11 EDT 2006
Disclosure:
http://archives.neohapsis.com/archives/bugtraq/2006-08/0363.html

Dispute:
http://archives.neohapsis.com/archives/bugtraq/2006-08/0436.html

Vendor:
http://www.mambo-phpshop.net/
which became
http://virtuemart.net/

Confirm:
http://virtuemart.net/index.php?option=com_content&task=view&id=209&Itemid=57

mambo-phpShop Security Alert
Monday, 21 August 2006

This is a security alert for all mambo-phpShop users. If you are still
using mambo-phpShop at an older version than "mambo-phpShop 1.2-stable",
your webshop is at a security risk.

Versions affected: mambo-phpShop 1.1 - 1.2 RC2.
Versions NOT affected: mambo-phpShop 1.2 stable (all patch levels).

Please note that VirtueMart is not affected by this security issue.

What's my mambo-phpShop version?

You can find out which version of mambo-phpShop you have installed by
looking at the file /administrator/components/com_phpshop/version.php of
your Mambo/Joomla installation.

Am I at risk?

The security hole can only be exploited if PHP on your server is running
with "register_globals=on". You can check this setting in Mambo by either
clicking on "System" => "Help" => "System Info", or "System" => "System
Info".
[..]
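
The "Am I at risk?" condition from the alert above can also be checked against the configuration files themselves. This is an added example, not part of the original post or the vendor's code. The function names are hypothetical, the sample files are constructed, and it assumes mod_php-style `php_flag` overrides in .htaccess and a built-in default of Off when the directive is absent.

```python
import re

# Spellings PHP accepts as boolean "true" for ini flags (case-insensitive).
TRUE_VALUES = {"1", "on", "true", "yes"}


def ini_register_globals(ini_text, default=False):
    """Value set by php.ini text; the last uncommented assignment wins."""
    value = default  # assumption: directive absent means Off
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"register_globals\s*=\s*(.*)$", line, re.I)
        if m:
            value = m.group(1).strip().strip("\"'").lower() in TRUE_VALUES
    return value


def htaccess_override(htaccess_text):
    """True/False if a php_flag line sets register_globals, else None."""
    value = None
    for line in htaccess_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop '#' comments
        m = re.match(r"php_flag\s+register_globals\s+(\S+)", line, re.I)
        if m:
            value = m.group(1).strip("\"'").lower() in TRUE_VALUES
    return value


def effective_register_globals(ini_text, htaccess_text=""):
    """A per-directory php_flag overrides php.ini for that directory."""
    override = htaccess_override(htaccess_text)
    return ini_register_globals(ini_text) if override is None else override


# Constructed sample inputs, not taken from any real installation.
SAMPLE_INI = """\
; register_globals = On   (commented out, ignored)
[PHP]
register_globals = Off
"""
SAMPLE_HTACCESS = """\
# constructed per-directory override
php_flag register_globals on
"""

if __name__ == "__main__":
    print("php.ini only:      ", effective_register_globals(SAMPLE_INI))
    print("with .htaccess:    ", effective_register_globals(SAMPLE_INI, SAMPLE_HTACCESS))
```

A result of True on a shop directory running an affected mambo-phpShop version matches the at-risk condition the alert describes; the per-directory check matters because php.ini alone can report Off while an .htaccess file turns the setting back on.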