CVE-2006-4269

Опубликовано: 21 авг. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:joomla:x-shop_component:*:*:*:*:*:*:*:*

Версия до 1.7 (включая)

cpe:2.3:a:mambo:x-shop_component:*:*:*:*:*:*:*:*

Версия до 1.7 (включая)

EPSS

Процентиль: 22%

0.00071

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-8cpp-ccvc-xm2q

github

почти 4 года назад

** DISPUTED ** PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package.