8.6 High
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.343 Low
EPSS
Percentile
97.0%
Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the “includes” directory including (b) adminSensored.php, © adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.
secunia.com/advisories/20819
www.osvdb.org/27168
www.osvdb.org/27169
www.osvdb.org/27170
www.osvdb.org/27171
www.osvdb.org/27172
www.osvdb.org/27173
www.osvdb.org/27174
www.osvdb.org/27175
www.osvdb.org/27176
www.osvdb.org/27177
www.osvdb.org/27178
www.securityfocus.com/bid/18690
www.vupen.com/english/advisories/2006/2561
www.exploit-db.com/exploits/1956