Lucene search

[email protected]CVE-2006-4556

HistorySep 06, 2006 - 12:04 a.m.

CVE-2006-4556

2006-09-0600:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4556

php

remote file inclusion

jim component

mambo

joomla

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.8%

JSON

PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242

CPENameOperatorVersion
joomla:jim_componentjoomla jim componenteq*
mambo:jim_componentmambo jim componenteq*

CPE	Name	Operator	Version
joomla:jim_component	joomla jim component	eq	*
mambo:jim_component	mambo jim component	eq	*

References

www.osvdb.org/28097

www.securityfocus.com/archive/1/443674/100/100/threaded

www.securityfocus.com/archive/1/444216/100/100/threaded

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.8%

JSON

Related for CVE-2006-4556

cve1