Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2006-3340

Опубликовано: 03 июл. 2006
Источник: nvd
CVSS2: 5.1
EPSS Средний

Описание

Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pearlinger:pearl_for_mambo:1.5:*:*:*:*:*:*:*
cpe:2.3:a:pearlinger:pearl_for_mambo:1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.14761
Средний

5.1 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-6fm2-7q3g-w45c

github
почти 4 года назад

Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.

EPSS

Процентиль: 94%
0.14761
Средний

5.1 Medium

CVSS2

Дефекты

NVD-CWE-Other