CVE-2006-4375

2006-08-2601:00:00

mitre

www.cve.org

AI Score

7.5

Confidence

Low

EPSS

0.012

Percentile

85.0%

JSON

PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined

References

securityreason.com/securityalert/1451

www.osvdb.org/28091

www.securityfocus.com/archive/1/443892/100/0/threaded

www.securityfocus.com/archive/1/444063/100/0/threaded