Re: Mambo Open Source, Path disclosure

alireza hassani wrote:
> Demonstration URL :
> --------------------
> http://www.example.com/mambo/index.php?option=com_content&task=section&id=1&Itemid=PATH

I've just tried this on one of my "vulnerable" Mambo installations and got nothing but a blank screen. I wonder why this happened? Could it be because displaying PHP errors is turned off, as it should be in any production environment?


> Solution:
> --------------------
> There is no vendor-supplied patch for this issue at
> this time but we are not advising you to upgrade to
> Joomla because Mambo, version 4.5.3, will be released
> soon ( by the end of November this year).
> 4.5.3 represents the new Team’s first consolidation
> of bug fixes and includes a number of security
> enhancements.

Isn't this "solution" somewhat overcomplicated? If someone wants to work around this bug, it's not necessary to upgrade. It would be enough just to follow basic security principles.

--
wbr,
Vasiliy
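
The reply above attributes the blank screen to PHP error display being turned off. As an added example (not part of the original message or of Mambo), this Python sketch audits php.ini text for the directives that decide whether error text, including file paths, reaches the client; the sample configurations and the function names are constructed for illustration.

```python
# Constructed sample configurations (not taken from the thread).
DEV_INI = """\
[PHP]
display_errors = On        ; warnings are rendered into the page
display_startup_errors = 1
log_errors = Off
"""
PROD_INI = """\
[PHP]
display_errors = On
display_errors = Off       ; a later assignment overrides the earlier one
display_startup_errors = Off
log_errors = On
error_log = "/var/log/php_errors.log"
"""

# Spellings php.ini accepts for a disabled boolean directive.
OFF = {"0", "off", "false", "no", "none", ""}

def parse_ini(text):
    """Return {directive: value}; the last assignment of a directive wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, section header, or not an assignment
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip("\"'").lower()
    return settings

def audit(text):
    """Return (directive, message) pairs for settings that expose or hide errors."""
    s = parse_ini(text)
    findings = []
    # PHP's built-in default for display_errors is on, so a missing line counts as on.
    if s.get("display_errors", "1") not in OFF:
        findings.append(("display_errors", "error text with file paths is sent to the client"))
    # Treated as off when absent (an assumption: the built-in default varies by PHP version).
    if s.get("display_startup_errors", "0") not in OFF:
        findings.append(("display_startup_errors", "startup errors are sent to the client"))
    # Hiding errors without logging them leaves operators blind to the fault.
    if s.get("log_errors", "1") in OFF:
        findings.append(("log_errors", "errors are not logged anywhere"))
    return findings

if __name__ == "__main__":
    for name, ini in (("dev", DEV_INI), ("prod", PROD_INI)):
        print(name, audit(ini) or "no findings")
```

The parser does not handle a `;` inside a quoted value, which does not occur in the directives checked here.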
