CVE-2006-4375

by Fred · 25/08/2006

** DISPUTED **

PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined.

Date published : 2006-08-25

http://www.securityfocus.com/archive/1/443892/100/0/threaded

http://www.securityfocus.com/archive/1/444063/100/0/threaded

CVE-2006-4375

Similar

Recent Posts

Categories

CVE-2006-4375

Share this:

Similar

Recent Posts

Categories

Tags