Vulnerabilities > CVE-2006-4269

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

mambo

joomla

NVD

Published: 2006-08-21

Updated: 2024-04-11

Summary

PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package

Vulnerable Configurations

Part	Description	Count
Application	Mambo Mambo X Shop Component *	1
Application	Joomla Joomla X Shop Component *	1

References

http://www.securityfocus.com/bid/19588
http://archives.neohapsis.com/archives/bugtraq/2006-08/0427.html
http://www.osvdb.org/28095
https://exchange.xforce.ibmcloud.com/vulnerabilities/28451
http://www.securityfocus.com/archive/1/443625/100/0/threaded

Vulnerabilities > CVE-2006-4269 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2006-4269"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2006-4269