Vulnerabilities (CVE)

Filtered by vendor Mambo Subscribe
Filtered by product Contacts Xtd Component
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-4375 1 Mambo 1 Contacts Xtd Component 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined