PT-2006-5097 · Joomla · A6Mambocredits

Charles Nelwan

Published

2006-08-22

Updated

2017-10-19

CVE-2006-4288

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions a6mambocredits component (com a6mambocredits) versions 2.0.0 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig live site parameter in the admin.a6mambocredits.php file.

Recommendations For versions 2.0.0 and earlier, consider restricting access to the admin.a6mambocredits.php file until a fix is available. Avoid using the mosConfig live site parameter in the affected component until the issue is resolved.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2006-4288

Affected Products

A6Mambocredits

PT-2006-5097 · Joomla · A6Mambocredits

CVE-2006-4288

Weakness Enumeration

Related Identifiers

Affected Products

References · 8