30 August 2006 - 23:01Mambo and PHP Security Issues

Unfortunately there have been several severe security issues with Mambo lately, at least from my perspective. Several weeks ago, my site was defaced, and a search into the problem led me to several HTTP queries that seemed to override the mosConfig_absolute_path PHP variable in the URL. This variable was set to a remote web site and page. Even after a fresh install to fix the problem and after applying all security patches, my site was still vulnerable to the same attack. I was furious and determined to find the cause and permanent solution. Read on for the fix.