Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
References
Configurations
History
21 Nov 2024, 00:14
Type | Values Removed | Values Added |
---|---|---|
References | () http://attrition.org/pipermail/vim/2007-March/001457.html - | |
References | () http://attrition.org/pipermail/vim/2007-March/001458.html - | |
References | () http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-15-user-home-pges.html - | |
References | () http://secunia.com/advisories/21305 - Patch, Vendor Advisory | |
References | () http://www.osvdb.org/27651 - Exploit, Patch | |
References | () http://www.osvdb.org/27652 - | |
References | () http://www.osvdb.org/28111 - | |
References | () http://www.osvdb.org/28112 - | |
References | () http://www.osvdb.org/28113 - | |
References | () http://www.ravenswoodit.co.uk/index.php?option=com_docman&task=cat_view&gid=76&Itemid=13 - Patch | |
References | () http://www.securityfocus.com/bid/19233 - Exploit | |
References | () http://www.securityfocus.com/bid/23113 - | |
References | () http://www.vupen.com/english/advisories/2006/3056 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/28080 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/33178 - | |
References | () https://www.exploit-db.com/exploits/2089 - | |
References | () https://www.exploit-db.com/exploits/3553 - |
Information
Published : 2006-08-05 00:04
Updated : 2024-11-21 00:14
NVD link : CVE-2006-3995
Mitre link : CVE-2006-3995
CVE.ORG link : CVE-2006-3995
JSON object : View
Products Affected
user_home_pages
- user_home_pages
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')