peter MC tachatte has discovered a vulnerability in Mambo,
which can be exploited by malicious people to manipulate
certain information and compromise a vulnerable system.
The vulnerability is caused due to an error in the
"register_globals" emulation layer in "globals.php" where
certain arrays used by the system can be overwritten. This
can be exploited to include arbitrary files from external
and local resources via the "mosConfig_absolute_path" parameter.
Successful exploitation requires that "register_globals"
is disabled.