CVE-2006-3990

Name of the Vulnerable Software and Affected Versions Savant2 (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig absolute path parameter in multiple Savant2 plugin files. This could potentially affect devices using Savant2, possibly in conjunction with the com mtree component for Mambo and Joomla!.

Recommendations As a temporary workaround, consider disabling the mosConfig absolute path parameter in the affected Savant2 plugin files until a patch is available. Restrict access to the Savant2 plugin files to minimize the risk of exploitation. Avoid using the mosConfig absolute path parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.