PT-2006-2940 · Mambo+1
Published 2006-04-21 · Updated 2024-02-14 · CVE-2006-1956
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Mambo (affected versions not specified)
Joomla! (affected versions not specified)
Description
The issue allows remote attackers to obtain sensitive information by supplying an invalid feed parameter, which causes an error message that reveals the path. The issue is in the com_rss option, in the rss.php file.
Recommendations
For Mambo, consider restricting access to the rss.php file until a fix is available.
For Joomla!, avoid using the com_rss option with invalid feed parameters until the issue is resolved.
Affected Products
Joomla!
Mambo