CVE-2006-1956 - The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitiv

CVE-2006-1956

Summary

The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.

References

http://irannetjob.com/content/view/209/28/
http://www.kapda.ir/advisory-313.html
http://www.securityfocus.com/archive/1/431317/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:mambo:mambo:4.5.3h:h:*:*:*:*:*:*
cpe:2.3:a:mambo:mambo:4.5.3h:h:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla:1.0.7:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability
misc	http://irannetjob.com/content/view/209/28/ http://www.kapda.ir/advisory-313.html

Last major update

14-02-2024 - 01:17

Published

21-04-2006 - 10:02

Last modified

14-02-2024 - 01:17