PT-2006-5105 · Mambo · Mambo

Mdx · Published 2006-08-23 · Updated 2017-10-19 · CVE-2006-4296

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mambo version 1.1

Description

The issue is a remote file inclusion vulnerability in the bigAPE-Backup component. It allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter.

Recommendations

For Mambo version 1.1, avoid using the mosConfig_absolute_path parameter in the affected API endpoint until the issue is resolved. Restrict access to the vulnerable bigAPE-Backup component to minimize the risk of exploitation.


Related Identifiers

CVE-2006-4296

Affected Products

Mambo