CVE-2006-4556
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242
** DISCUTIDA ** Vulnerabilidad PHP de inclusión remota de archivo en index.php en el componente JIM para Mambo and Joomla! permite a un atacante remoto ejecutar código PHP de su elección a través de una URL en el parámetro mosConfig_absolute_path. NOTA: otro investigador ha indicado que la distribución del producto no incluye un fichero index.php. También, esto podría estar relacionado con CVE-2006-4242.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-09-05 CVE Reserved
- 2006-09-06 CVE Published
- 2024-01-29 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.osvdb.org/28097 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/443674/100/100/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/444216/100/100/threaded | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Joomla Search vendor "Joomla" | Jim Component Search vendor "Joomla" for product "Jim Component" | * | - |
Affected
| ||||||
| Mambo Search vendor "Mambo" | Jim Component Search vendor "Mambo" for product "Jim Component" | * | - |
Affected
| ||||||