CVE-2006-4074

PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:joomla:jd-wiki:*:*:*:*:*:*:*:*

History

07 Nov 2023, 01:59

Type Values Removed Values Added
References
  • {'url': 'http://www.joomladeveloping.org/component/option,com_jd-wp/Itemid,29/p,33/', 'name': 'http://www.joomladeveloping.org/component/option,com_jd-wp/Itemid,29/p,33/', 'tags': ['Patch'], 'refsource': 'CONFIRM'}
  • () http://www.joomladeveloping.org/component/option%2Ccom_jd-wp/Itemid%2C29/p%2C33/ -

Information

Published : 2006-08-11 01:04

Updated : 2024-02-28 10:42


NVD link : CVE-2006-4074

Mitre link : CVE-2006-4074

CVE.ORG link : CVE-2006-4074


JSON object : View

Products Affected

joomla

  • jd-wiki
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')