2 matches found
CVE-2006-3294
The CBSMS Mambo Module (1.0 and earlier) contains a PHP remote file inclusion in mod_cbsms_messages.php. The vulnerability arises when register_globals is enabled and an attacker supplies a URL in mosConfig_absolute_path, enabling arbitrary PHP code execution. Root cause: lack of input sanitizati...
CVE-2006-3302
The CVE describes a PHP remote file inclusion in CBSMS Mambo Module 1.0 and earlier. When register_globals is enabled, an attacker can inject a URL via the mosC_a_path parameter to execute arbitrary PHP code on the affected system. Connected documents corroborate the vulnerability class and note ...