CVE-2006-4468

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/21666	Vendor Advisory
http://www.joomla.org/content/view/1841/78/	Vendor Advisory
http://www.joomla.org/content/view/1843/74/	Vendor Advisory
http://www.vupen.com/english/advisories/2006/3408	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28628	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-08-31 20:04

Updated : 2024-02-28 10:42

NVD link : CVE-2006-4468

Mitre link : CVE-2006-4468

CVE.ORG link : CVE-2006-4468

JSON object : View

Products Affected

joomla

joomla\!

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2006-4468", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-08-31T20:04:00.000", "references": [{"url": "http://secunia.com/advisories/21666", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.joomla.org/content/view/1841/78/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.joomla.org/content/view/1843/74/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3408", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28628", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en Joomla! anterior a 1.0.11, relacionado con la invalidez de la entrada, permite a un atacante remoto tener un impacto desconocido a trav\u00e9s de vectores no especificados que abarcan las funciones (1) mosMail, (2) JosIsValidEmail y(3) josSpoofValue; (4) la carencia de la inclusi\u00f3n de globals.php en administrator/index.php; el Admin User Manager; y el (6) m\u00f3dulo poll."}], "lastModified": "2021-10-01T15:05:12.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "078081E2-DEA6-4D89-91A5-16F89708F016", "versionEndExcluding": "1.0.11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}