CVE-2006-4074

PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:joomla:jd-wiki:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:15

Type Values Removed Values Added
References () http://secunia.com/advisories/21389 - Exploit, Patch, Vendor Advisory () http://secunia.com/advisories/21389 - Exploit, Patch, Vendor Advisory
References () http://www.joomladeveloping.org/component/option%2Ccom_jd-wp/Itemid%2C29/p%2C33/ - () http://www.joomladeveloping.org/component/option%2Ccom_jd-wp/Itemid%2C29/p%2C33/ -
References () http://www.securityfocus.com/bid/19373 - Exploit, Patch () http://www.securityfocus.com/bid/19373 - Exploit, Patch
References () http://www.vupen.com/english/advisories/2006/3192 - () http://www.vupen.com/english/advisories/2006/3192 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/28253 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/28253 -
References () https://www.exploit-db.com/exploits/2125 - () https://www.exploit-db.com/exploits/2125 -

07 Nov 2023, 01:59

Type Values Removed Values Added
References
  • {'url': 'http://www.joomladeveloping.org/component/option,com_jd-wp/Itemid,29/p,33/', 'name': 'http://www.joomladeveloping.org/component/option,com_jd-wp/Itemid,29/p,33/', 'tags': ['Patch'], 'refsource': 'CONFIRM'}
  • () http://www.joomladeveloping.org/component/option%2Ccom_jd-wp/Itemid%2C29/p%2C33/ -

Information

Published : 2006-08-11 01:04

Updated : 2024-11-21 00:15


NVD link : CVE-2006-4074

Mitre link : CVE-2006-4074

CVE.ORG link : CVE-2006-4074


JSON object : View

Products Affected

joomla

  • jd-wiki
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')