CVE-2006-3340

Name of the Vulnerable Software and Affected Versions Pearl For Mambo module version 1.6 for Mambo

Description The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via vulnerable parameters in several files, including phpbb root path in includes/functions cms.php and GlobalSettings[templatesDirectory] in multiple files within the "includes" directory, such as adminSensored.php, adminBoards.php, adminAttachments.php, adminAvatars.php, adminBackupdatabase.php, adminBanned.php, adminForums.php, adminPolls.php, adminSmileys.php, poll.php, and move.php.

Recommendations For Pearl For Mambo module version 1.6, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable parameters phpbb root path and GlobalSettings[templatesDirectory] in the affected files until a patch is available. Avoid using these parameters in the included API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.