Micronational alert: MIMBA insecure

User beware.

The Micronation Banking System (MIMBA), a German-language, PHP code-based banking system for micronations developed for all POSIX (Linux/BSD/UNIX-like OSes) systems, and which can be downloaded from SourceForge, has been shown vulnerable by an authority such as the US-CERT (United States Computer Emergency Readiness Team), in their Cyber Security Bulletin SB09-033.

The bulletin states: “Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/.”

Please inform anyone you know about this.


Comments are closed.