[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-0871

Date: (C)2006-02-24   (M)2015-12-16
 
CVSS Score: 6.4Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 4.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: NONE











Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.

Reference:
SECUNIA-18935
http://archives.neohapsis.com/archives/bugtraq/2006-02/0463.html
OSVDB-23505
SREASON-493
ADV-2006-0719
http://source.mambo-foundation.org/view/news/Announcements/Security_Patch_Released/
http://www.gulftech.org/?node=research&article_id=00104-02242006

CWE    1
CWE-22

© 2013 SecPod Technologies