CVE-2006-4375

Опубликовано: 26 авг. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mambo:contacts_xtd_component:*:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01402

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-hfhx-25r6-4mcj

github

почти 4 года назад

** DISPUTED ** PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined.