← Back

CVE-2006-4286

nvd nist
Published: Aug 22, 2006Modified: Apr 16, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate

Affected (21)

Products: Mambo: Mambo
Mambo
1 product
Mambo
Configuration A
21 vulnerable
Vulnerable SoftwareAffected Versions
Mambo
Mambo
Version 4.0.14
Mambo
Version 4.5.0.2
Mambo
Version 4.5.1.3
Mambo
Version 4.5.1_1.0.9
Mambo
Version 4.5.1a
Mambo
Version 4.5.1a a
Mambo
Version 4.5.1a beta
Mambo
Version 4.5.1a beta_2
Mambo
Version 4.5.2.1
Mambo
Version 4.5.2.2
Mambo
Version 4.5.2.3
Mambo
Version 4.5.2
Mambo
Version 4.5.3h
Mambo
Version 4.5.3h h
Mambo
Version 4.5_1.0.0
Mambo
Version 4.5_1.0.1
Mambo
Version 4.5_1.0.2
Mambo
Version 4.5_1.0.3_beta
Mambo
Version 4.5_1.0.3_beta beta
Mambo
Version 4.5_1.0.9
Mambo
Version 4.6 rc1

References (8)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.