[VIM] vendor ack for "mambo-phphop Product Scroller Module R.F.I"

security curmudgeon jericho at attrition.org
Thu Aug 24 05:42:11 EDT 2006


Disclosure:
http://archives.neohapsis.com/archives/bugtraq/2006-08/0363.html

Dispute:
http://archives.neohapsis.com/archives/bugtraq/2006-08/0436.html

Vendor:
http://www.mambo-phpshop.net/
which became
http://virtuemart.net/

Confirm:
http://virtuemart.net/index.php?option=com_content&task=view&id=209&Itemid=57

  mambo-phpShop Security Alert
Monday, 21 August 2006

This is a security alert for all mambo-phpShop users. If you are still 
using mambo-phpShop at an older version than "mambo-phpShop 1.2-stable", 
your webshop is at a security risk.

Versions affected: mambo-phpShop 1.1 - 1.2 RC2.
Versions NOT affected: mambo-phpShop 1.2 stable (all patch levels).

Please note that VirtueMart is not affected by this security issue.

What's my mambo-phpShop version?

You can find out which version of mambo-phpShop you have installed by 
looking at the file /administrator/components/com_phpshop/version.php of 
your Mambo/Joomla installation.


Am I at risk?

The security hole can only be exploited if PHP on your server is running 
with "register_globals=on". You can check this setting in Mambo by either 
clicking on "System" => "Help" => "System Info", or "System" => "System 
Info".

[..]
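
For checking the "register_globals=on" condition from configuration files rather than the Mambo System Info screen, here is an added example. It is not part of the vendor alert or the original post. It goes beyond the alert by also reading an Apache mod_php .htaccess override ("php_flag register_globals ..."), and the sample file contents are constructed.

```python
import re

# php.ini boolean spellings that mean "enabled" (case-insensitive).
INI_TRUE = {"1", "on", "yes", "true"}
# Values mod_php's php_flag directive treats as enabled.
FLAG_TRUE = {"1", "on"}

# Anchored at line start, so lines commented out with ';' or '#' never match.
INI_RE = re.compile(r"^\s*register_globals\s*=\s*([^;\s]*)", re.I)
FLAG_RE = re.compile(r"^\s*php_flag\s+register_globals\s+(\S+)", re.I)


def _last_setting(text, pattern, truthy):
    """Return True/False for the last matching directive, None if absent."""
    result = None
    for line in text.splitlines():
        m = pattern.match(line)
        if m:  # a later directive overrides an earlier one
            result = m.group(1).strip("\"'").lower() in truthy
    return result


def register_globals_enabled(php_ini, htaccess=""):
    """Effective setting: .htaccess override, else php.ini, else Off."""
    override = _last_setting(htaccess, FLAG_RE, FLAG_TRUE)
    if override is not None:
        return override
    # Unset in php.ini means Off (the PHP default since 4.2.0).
    return bool(_last_setting(php_ini, INI_RE, INI_TRUE))


# Constructed sample inputs, not taken from any real server.
SAMPLE_INI = """\
[PHP]
; register_globals = Off
register_globals = Off
register_globals = "On"   ; re-enabled for a legacy application
"""
SAMPLE_HTACCESS = """\
# php_flag register_globals on
php_flag register_globals off
"""

if __name__ == "__main__":
    print("php.ini only:", register_globals_enabled(SAMPLE_INI))
    print("with .htaccess:", register_globals_enabled(SAMPLE_INI, SAMPLE_HTACCESS))
```

A result of True only matters together with the version range given in the alert; the format of version.php is not shown here, so the version check is left to the reader.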

