CVE-2006-3995

Name of the Vulnerable Software and Affected Versions UHP (User Home Pages) component (aka com uhp) for Mambo or Joomla! version 0.5

Description The issue concerns remote file inclusion vulnerabilities in several PHP files within the UHP component, potentially allowing remote attackers to execute arbitrary PHP code. The vulnerability can be exploited via a URL in the mosConfig absolute path parameter.

Recommendations For UHP (User Home Pages) component (aka com uhp) for Mambo or Joomla! version 0.5, consider restricting access to the vulnerable PHP files, such as uhp config.php, footer.php, functions.php, install.uhp.php, toolbar.uhp.html.php, uhp.class.php, and uninstall.uhp.php, to minimize the risk of exploitation. Avoid using the mosConfig absolute path parameter in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.