alireza hassani wrote: > Demonstration URL :
-------------------- http://www.example.com/mambo/index.php?option=com_content&task=section&id=1&Itemid=PATH
I've just tried this on one of my "vulnerable" Mambo installations and got nothing, but the blank screen. I wonder why this happened?.. Could it be because of displaying php errors turned off as it should be done in any production environment?
Solution: -------------------- There is no vendor-supplied patch for this issue at this time but we are not advising you to upgrade to Joomla because Mambo, version 4.5.3, will be released soon ( by the end of November this year). 4.5.3 represents the new Team’s first consolidation of bug fixes and includes a number of securityenhancements.
Isn't this "solution" somewhat overcomplicated? If someone wants to workaround this bug, it's not necessary to upgrade. It would be enough just to follow basic security principles.
-- wbr, Vasiliy