ID |
CVE-2006-4263
|
Summary |
Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 17-10-2018 - 21:34) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 19591 | bugtraq | 20060818 mambo-phphop Product Scroller Module R.F.I | osvdb | - 28151
- 28152
- 28153
- 28154
- 28155
- 28156
- 28158
| xf | phpshop-toolbarphpshop-file-include(28441) |
|
Last major update |
17-10-2018 - 21:34 |
Published |
21-08-2006 - 21:04 |
Last modified |
17-10-2018 - 21:34 |