PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
References
Configurations
History
21 Nov 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/21389 - Exploit, Patch, Vendor Advisory | |
References | () http://www.joomladeveloping.org/component/option%2Ccom_jd-wp/Itemid%2C29/p%2C33/ - | |
References | () http://www.securityfocus.com/bid/19373 - Exploit, Patch | |
References | () http://www.vupen.com/english/advisories/2006/3192 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/28253 - | |
References | () https://www.exploit-db.com/exploits/2125 - |
07 Nov 2023, 01:59
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2006-08-11 01:04
Updated : 2024-11-21 00:15
NVD link : CVE-2006-4074
Mitre link : CVE-2006-4074
CVE.ORG link : CVE-2006-4074
JSON object : View
Products Affected
joomla
- jd-wiki
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')