CVE-2006-3748

Name of the Vulnerable Software and Affected Versions Mambo versions 4.0j and possibly 4.1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig absolute path parameter in the LoudMouth Component. This is a result of a PHP remote file inclusion vulnerability in the includes/abbc/abbc.class.php file.

Recommendations For Mambo version 4.0j, consider restricting access to the mosConfig absolute path parameter to minimize the risk of exploitation. For Mambo version 4.1, if affected, apply the same restriction as for version 4.0j. At the moment, there is no information about a newer version that contains a fix for this vulnerability.