CVE-2006-4263

Name of the Vulnerable Software and Affected Versions Mambo and Joomla! com phpshop (affected versions not specified)

Description The issue concerns remote file inclusion vulnerabilities in various modules of mambo-phpshop for Mambo and Joomla!. Remote attackers can execute arbitrary PHP code via a URL in the mosConfig absolute path parameter in multiple modules, including mod phpshop.php, mod phpshop allinone.php, mod phpshop cart.php, mod phpshop featureprod.php, mod phpshop latestprod.php, mod product categories.php, mod productscroller.php, and mosproductsnap.php.

Recommendations As a temporary workaround, consider disabling the affected modules until a patch is available. Restrict access to the mosConfig absolute path parameter in the affected modules to minimize the risk of exploitation. Avoid using the mosConfig absolute path parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.