CVE-2006-3995

Published: Aug 5, 2006Modified: Apr 16, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Affected (1)

Products: User Home Pages: User Home Pages

User Home Pages

1 product

User Home Pages

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
User Home Pages User Home Pages	Version 0.5

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (34)

http://attrition.org/pipermail/vim/2007-March/001457.html

Source: cve@mitre.org

http://attrition.org/pipermail/vim/2007-March/001458.html

Source: cve@mitre.org

http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-15-user-home-pges.html

Source: cve@mitre.org

http://secunia.com/advisories/21305

Source: cve@mitre.org

PatchVendor Advisory

http://www.osvdb.org/27651

Source: cve@mitre.org

ExploitPatch

http://www.osvdb.org/27652

Source: cve@mitre.org

http://www.osvdb.org/28111

Source: cve@mitre.org

http://www.osvdb.org/28112

Source: cve@mitre.org

http://www.osvdb.org/28113

Source: cve@mitre.org

http://www.ravenswoodit.co.uk/index.php?option=com_docman&task=cat_view&gid=76&Itemid=13

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/19233

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/23113

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3056

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/28080

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/33178

Source: cve@mitre.org

https://www.exploit-db.com/exploits/2089

Source: cve@mitre.org

https://www.exploit-db.com/exploits/3553

Source: cve@mitre.org

http://attrition.org/pipermail/vim/2007-March/001457.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://attrition.org/pipermail/vim/2007-March/001458.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-15-user-home-pges.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21305

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.osvdb.org/27651

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.osvdb.org/27652

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/28111

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/28112

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/28113

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ravenswoodit.co.uk/index.php?option=com_docman&task=cat_view&gid=76&Itemid=13

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/19233

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/23113

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/3056

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/28080

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/33178

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/2089

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/3553

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.