Vulnerability Details : CVE-2006-4375
PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined.
Vulnerability category: File inclusion
Products affected by CVE-2006-4375
- cpe:2.3:a:mambo:contacts_xtd_component:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4375
- 0.71%: Probability of exploitation activity in the next 30 days
- ~ 70%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-4375
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2006-4375
- http://securityreason.com/securityalert/1451 (Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln - CXSecurity.com)
- http://www.securityfocus.com/archive/1/443892/100/0/threaded
- http://www.osvdb.org/28091
- http://www.securityfocus.com/archive/1/444063/100/0/threaded