{"id": "EDB-ID:2205", "hash": "621c2eb805f868b713530c2049a3fbc0", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Joomla Mosets Tree <= 1.0 - Remote File Include Vulnerability", "description": "Joomla Mosets Tree <= 1.0 Remote File Include Vulnerability. CVE-2006-3990. Webapps exploit for php platform", "published": "2006-08-17T00:00:00", "modified": "2006-08-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/2205/", "reporter": "Crackers_Child", "references": [], "cvelist": ["CVE-2006-3990"], "lastseen": "2016-01-31T15:45:14", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-3990"]}, {"type": "osvdb", "idList": ["OSVDB:28710", "OSVDB:28708", "OSVDB:28699", "OSVDB:28681", "OSVDB:28683", "OSVDB:28679", "OSVDB:28704", "OSVDB:28685", "OSVDB:28696", "OSVDB:28700"]}, {"type": "exploitdb", "idList": ["EDB-ID:28273"]}], "modified": "2016-01-31T15:45:14"}, "vulnersScore": 5.0}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/2205/", "sourceData": "!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!\n--------------------------------------------------------------------------------\n\nTitle : Joomla Mosets Tree <= 1.0 Remote File Include Vulnerability\n\n--------------------------------------------------------------------------------\n#Author: Crackers_Child\n\n\n#cont@ct: crackers_child@sibersavascilar.com\n\n--------------------------------------------------------------------------------\n\nGoogle Dorks : inurl:\"/com_mtree/\"\n\n------------------------- -------------------------------------------------------\n\nApplication : Mtree Component of Mambo\n\n--------------------------------------------------------------------------------\n\n--------------------------------------------------------------------------------\n\nExploit:\n\nhttp://[target]/[mambo_path]/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=\n\n--------------------------------------------------------------------------------\n\ngreets:\n\nAll My Friends And SiberSavascilar.Com Members !\n\n--------------------------------------------------------------------------------\n\n\n\n--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------\n\n# milw0rm.com [2006-08-17]\n", "osvdbidlist": ["28712"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2018-10-18T15:05:37", "bulletinFamily": "NVD", "description": "Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones Savant2, possibly when used with the com_mtree component for Mambo and Joomla!, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) Savant2_Plugin_stylesheet.php, (2) Savant2_Compiler_basic.php, (3) Savant2_Error_pear.php, (4) Savant2_Error_stack.php, (5) Savant2_Filter_colorizeCode.php, (6) Savant2_Filter_trimwhitespace.php, (7) Savant2_Plugin_ahref.php, (8) Savant2_Plugin_ahrefcontact.php, (9) Savant2_Plugin_ahreflisting.php, (10) Savant2_Plugin_ahreflistingimage.php, (11) Savant2_Plugin_ahrefmap.php, (12) Savant2_Plugin_ahrefownerlisting.php, (13) Savant2_Plugin_ahrefprint.php, (14) Savant2_Plugin_ahrefrating.php, (15) Savant2_Plugin_ahrefrecommend.php, (16) Savant2_Plugin_ahrefreport.php, (17) Savant2_Plugin_ahrefreview.php, (18) Savant2_Plugin_ahrefvisit.php, (19) Savant2_Plugin_checkbox.php, (20) Savant2_Plugin_cycle.php, (21) Savant2_Plugin_dateformat.php, (22) Savant2_Plugin_editor.php, (23) Savant2_Plugin_form.php, (24) Savant2_Plugin_image.php, (25) Savant2_Plugin_input.php, (26) Savant2_Plugin_javascript.php, (27) Savant2_Plugin_listalpha.php, (28) Savant2_Plugin_listingname.php, (29) Savant2_Plugin_modify.php, (30) Savant2_Plugin_mtpath.php, (31) Savant2_Plugin_options.php, (32) Savant2_Plugin_radios.php, (33) Savant2_Plugin_rating.php, or (34) Savant2_Plugin_textarea.php.", "modified": "2018-10-17T17:32:40", "published": "2006-08-04T20:04:00", "id": "CVE-2006-3990", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3990", "title": "CVE-2006-3990", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_form.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_form.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.mosets.com/tree/\nVendor URL: http://www.phpsavant.com/yawiki/\nVendor Specific News/Changelog Entry: http://forum.mosets.com/showthread.php?t=3625\nSecurity Tracker: 1016560\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001022.html\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001024.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0370.html\nKeyword: [Kurdish Security # 13],Savant Template System for PHP\nISS X-Force ID: 27906\n[CVE-2006-3990](https://vulners.com/cve/CVE-2006-3990)\nBugtraq ID: 19151\n", "modified": "2006-07-21T23:50:40", "published": "2006-07-21T23:50:40", "href": "https://vulners.com/osvdb/OSVDB:28700", "id": "OSVDB:28700", "type": "osvdb", "title": "Mosets Tree Savant2_Plugin_form.php mosConfig_absolute_path Variable Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_image.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_image.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.mosets.com/tree/\nVendor URL: http://www.phpsavant.com/yawiki/\nVendor Specific News/Changelog Entry: http://forum.mosets.com/showthread.php?t=3625\nSecurity Tracker: 1016560\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001022.html\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001024.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0370.html\nKeyword: [Kurdish Security # 13],Savant Template System for PHP\nISS X-Force ID: 27906\n[CVE-2006-3990](https://vulners.com/cve/CVE-2006-3990)\nBugtraq ID: 19151\n", "modified": "2006-07-21T23:50:40", "published": "2006-07-21T23:50:40", "href": "https://vulners.com/osvdb/OSVDB:28701", "id": "OSVDB:28701", "type": "osvdb", "title": "Mosets Tree Savant2_Plugin_image.php mosConfig_absolute_path Variable Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_javascript.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_javascript.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.mosets.com/tree/\nVendor URL: http://www.phpsavant.com/yawiki/\nVendor Specific News/Changelog Entry: http://forum.mosets.com/showthread.php?t=3625\nSecurity Tracker: 1016560\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001022.html\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001024.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0370.html\nKeyword: [Kurdish Security # 13],Savant Template System for PHP\nISS X-Force ID: 27906\n[CVE-2006-3990](https://vulners.com/cve/CVE-2006-3990)\nBugtraq ID: 19151\n", "modified": "2006-07-21T23:50:40", "published": "2006-07-21T23:50:40", "href": "https://vulners.com/osvdb/OSVDB:28703", "id": "OSVDB:28703", "type": "osvdb", "title": "Mosets Tree Savant2_Plugin_javascript.php mosConfig_absolute_path Variable Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_listalpha.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_listalpha.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.mosets.com/tree/\nVendor URL: http://www.phpsavant.com/yawiki/\nVendor Specific News/Changelog Entry: http://forum.mosets.com/showthread.php?t=3625\nSecurity Tracker: 1016560\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001022.html\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001024.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0370.html\nKeyword: [Kurdish Security # 13],Savant Template System for PHP\nISS X-Force ID: 27906\n[CVE-2006-3990](https://vulners.com/cve/CVE-2006-3990)\nBugtraq ID: 19151\n", "modified": "2006-07-21T23:50:40", "published": "2006-07-21T23:50:40", "href": "https://vulners.com/osvdb/OSVDB:28704", "id": "OSVDB:28704", "type": "osvdb", "title": "Mosets Tree Savant2_Plugin_listalpha.php mosConfig_absolute_path Variable Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_stylesheet.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_stylesheet.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[mam_jom_path]/components/com_mtree/Savant2/Savant2_Plugin_stylesheet.php?mosConfig_absolute_path=EvilScript.txt?&cmd=id\n## References:\nVendor URL: http://www.mosets.com/tree/\nVendor URL: http://www.phpsavant.com/yawiki/\nVendor Specific News/Changelog Entry: http://forum.mosets.com/showthread.php?t=3625\nSecurity Tracker: 1016560\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001022.html\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001024.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0370.html\nKeyword: [Kurdish Security # 13],Savant Template System for PHP\nISS X-Force ID: 27906\n[CVE-2006-3990](https://vulners.com/cve/CVE-2006-3990)\nBugtraq ID: 19151\n", "modified": "2006-07-21T23:50:40", "published": "2006-07-21T23:50:40", "href": "https://vulners.com/osvdb/OSVDB:28711", "id": "OSVDB:28711", "type": "osvdb", "title": "Mosets Tree Savant2_Plugin_stylesheet.php mosConfig_absolute_path Variable Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Filter_trimwhitespace.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Filter_trimwhitespace.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.mosets.com/tree/\nVendor URL: http://www.phpsavant.com/yawiki/\nVendor Specific News/Changelog Entry: http://forum.mosets.com/showthread.php?t=3625\nSecurity Tracker: 1016560\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001022.html\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001024.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0370.html\nKeyword: [Kurdish Security # 13],Savant Template System for PHP\nISS X-Force ID: 27906\n[CVE-2006-3990](https://vulners.com/cve/CVE-2006-3990)\nBugtraq ID: 19151\n", "modified": "2006-07-21T23:50:40", "published": "2006-07-21T23:50:40", "href": "https://vulners.com/osvdb/OSVDB:28683", "id": "OSVDB:28683", "type": "osvdb", "title": "Mosets Tree Savant2_Filter_trimwhitespace.php mosConfig_absolute_path Variable Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefcontact.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefcontact.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.mosets.com/tree/\nVendor URL: http://www.phpsavant.com/yawiki/\nVendor Specific News/Changelog Entry: http://forum.mosets.com/showthread.php?t=3625\nSecurity Tracker: 1016560\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001022.html\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001024.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0370.html\nKeyword: [Kurdish Security # 13],Savant Template System for PHP\nISS X-Force ID: 27906\n[CVE-2006-3990](https://vulners.com/cve/CVE-2006-3990)\nBugtraq ID: 19151\n", "modified": "2006-07-21T23:50:40", "published": "2006-07-21T23:50:40", "href": "https://vulners.com/osvdb/OSVDB:28685", "id": "OSVDB:28685", "type": "osvdb", "title": "Mosets Tree Savant2_Plugin_ahrefcontact.php mosConfig_absolute_path Variable Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefrecommend.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefrecommend.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.mosets.com/tree/\nVendor URL: http://www.phpsavant.com/yawiki/\nVendor Specific News/Changelog Entry: http://forum.mosets.com/showthread.php?t=3625\nSecurity Tracker: 1016560\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001022.html\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001024.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0370.html\nKeyword: [Kurdish Security # 13],Savant Template System for PHP\nISS X-Force ID: 27906\n[CVE-2006-3990](https://vulners.com/cve/CVE-2006-3990)\nBugtraq ID: 19151\n", "modified": "2006-07-21T23:50:40", "published": "2006-07-21T23:50:40", "href": "https://vulners.com/osvdb/OSVDB:28692", "id": "OSVDB:28692", "type": "osvdb", "title": "Mosets Tree Savant2_Plugin_ahrefrecommend.php mosConfig_absolute_path Variable Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefvisit.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefvisit.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.mosets.com/tree/\nVendor URL: http://www.phpsavant.com/yawiki/\nVendor Specific News/Changelog Entry: http://forum.mosets.com/showthread.php?t=3625\nSecurity Tracker: 1016560\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001022.html\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001024.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0370.html\nKeyword: [Kurdish Security # 13],Savant Template System for PHP\nISS X-Force ID: 27906\n[CVE-2006-3990](https://vulners.com/cve/CVE-2006-3990)\nBugtraq ID: 19151\n", "modified": "2006-07-21T23:50:40", "published": "2006-07-21T23:50:40", "href": "https://vulners.com/osvdb/OSVDB:28695", "id": "OSVDB:28695", "type": "osvdb", "title": "Mosets Tree Savant2_Plugin_ahrefvisit.php mosConfig_absolute_path Variable Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_checkbox.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 1.5.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nMosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_checkbox.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## References:\nVendor URL: http://www.mosets.com/tree/\nVendor URL: http://www.phpsavant.com/yawiki/\nVendor Specific News/Changelog Entry: http://forum.mosets.com/showthread.php?t=3625\nSecurity Tracker: 1016560\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001022.html\nMail List Post: http://attrition.org/pipermail/vim/2006-September/001024.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0370.html\nKeyword: [Kurdish Security # 13],Savant Template System for PHP\nISS X-Force ID: 27906\n[CVE-2006-3990](https://vulners.com/cve/CVE-2006-3990)\nBugtraq ID: 19151\n", "modified": "2006-07-21T23:50:40", "published": "2006-07-21T23:50:40", "href": "https://vulners.com/osvdb/OSVDB:28696", "id": "OSVDB:28696", "type": "osvdb", "title": "Mosets Tree Savant2_Plugin_checkbox.php mosConfig_absolute_path Variable Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T07:47:30", "bulletinFamily": "exploit", "description": "PHPSavant Savant2 stylesheet.php mosConfig_absolute_path Parameter Remote File Inclusion. CVE-2006-3990. Webapps exploit for php platform", "modified": "2006-07-25T00:00:00", "published": "2006-07-25T00:00:00", "id": "EDB-ID:28273", "href": "https://www.exploit-db.com/exploits/28273/", "type": "exploitdb", "title": "PHPSavant Savant2 stylesheet.php mosConfig_absolute_path Parameter Remote File Inclusion", "sourceData": "source: http://www.securityfocus.com/bid/19151/info\r\n\r\nSavant2 is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.\r\n\r\nAn attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.\r\n\r\nhttp://www.example.com/[mam_jom_path]/components/com_mtree/Savant2/Savant2_Plugin_stylesheet.php?mosConfig_absolute_path=EvilScript.txt?&cmd=id", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/28273/"}]}