CVE-2006-4286 : PHP remote file inclusion vulnerability in contentpublisher.php in the contentpu

PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate

Published 2006-08-22 17:04:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2006-4286

Mambo » Mambo » Version: 4.5 1.0.9
cpe:2.3:a:mambo:mambo:4.5_1.0.9:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.1.3
cpe:2.3:a:mambo:mambo:4.5.1.3:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.1a Update A
cpe:2.3:a:mambo:mambo:4.5.1a:a:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.0.2
cpe:2.3:a:mambo:mambo:4.5.0.2:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.2
cpe:2.3:a:mambo:mambo:4.5.2:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.2.2
cpe:2.3:a:mambo:mambo:4.5.2.2:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.2.1
cpe:2.3:a:mambo:mambo:4.5.2.1:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.2.3
cpe:2.3:a:mambo:mambo:4.5.2.3:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.3h
cpe:2.3:a:mambo:mambo:4.5.3h:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.3h Update H
cpe:2.3:a:mambo:mambo:4.5.3h:h:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.0.14
cpe:2.3:a:mambo:mambo:4.0.14:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.1 1.0.9
cpe:2.3:a:mambo:mambo:4.5.1_1.0.9:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.1a
cpe:2.3:a:mambo:mambo:4.5.1a:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.1a Update Beta
cpe:2.3:a:mambo:mambo:4.5.1a:beta:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5 1.0.0
cpe:2.3:a:mambo:mambo:4.5_1.0.0:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5 1.0.1
cpe:2.3:a:mambo:mambo:4.5_1.0.1:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5 1.0.3 Beta Update Beta
cpe:2.3:a:mambo:mambo:4.5_1.0.3_beta:beta:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5.1a Update Beta 2
cpe:2.3:a:mambo:mambo:4.5.1a:beta_2:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5 1.0.2
cpe:2.3:a:mambo:mambo:4.5_1.0.2:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.5 1.0.3 Beta
cpe:2.3:a:mambo:mambo:4.5_1.0.3_beta:*:*:*:*:*:*:*
Matching versions
Mambo » Mambo » Version: 4.6 Update RC1
cpe:2.3:a:mambo:mambo:4.6:rc1:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-4286

EPSS FAQ

0.71%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-4286

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-4286

http://www.securityfocus.com/archive/1/443626/100/0/threaded
http://www.osvdb.org/28093

404 Not Found
http://securityreason.com/securityalert/1431

contentpublisher Mambo Component Remote File Include Vulnerabilities - CXSecurity.com
http://www.securityfocus.com/archive/1/444244/100/0/threaded

Jump to

Vulnerability Details : CVE-2006-4286

Products affected by CVE-2006-4286

Exploit prediction scoring system (EPSS) score for CVE-2006-4286

CVSS scores for CVE-2006-4286

References for CVE-2006-4286