Vulnerabilities > CVE-2006-3340 - Unspecified vulnerability in Pearlinger Pearl for Mambo 1.5/1.6

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
pearlinger
exploit available
NVD
Published: 2006-07-03
Updated: 2024-11-21

Summary

Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.

Vulnerable Configurations

Part Description Count
Application
Pearlinger
2

Exploit-Db

descriptionPearl For Mambo <= 1.6 Multiple Remote File Include Vulnerabilities. CVE-2006-3340. Webapps exploit for php platform
fileexploits/php/webapps/1956.txt
idEDB-ID:1956
last seen2016-01-31
modified2006-06-27
platformphp
port
published2006-06-27
reporterKw3[R]Ln
sourcehttps://www.exploit-db.com/download/1956/
titlePearl For Mambo <= 1.6 - Multiple Remote File Include Vulnerabilities
typewebapps

References