RSS   Vulnerabilities for 'Mtg myhomepage component'   RSS

2006-08-21
 
CVE-2006-4264

CWE-Other
 

 
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. NOTE: this issue has been disputed by a third party, who states that the $mosConfig_absolute_path variable is only used within a function definition. CVE source code analysis on 20060824 is not conclusive but tends to concur with the dispute. In addition, it appears that the component name is actually "lmtg_myhomepage".

 

 >>> Vendor: Mambo 65 Products
Site server
Mambo site server
Mambo open source
Mambo
Mambo open source 4.5
Mambo portal
Videodb
Sitemap
Smf-forum
Mambo calendar
Mambo multibanners
Mambatstaff
Artlinks component
Bayesiannaivefilter
Mambo gallery manager
Moslistmessenger component
Mtg myhomepage component
X-shop component
Mambelfish component
Catalogshop component
Anjel component
A6mambocredits component
Bigape-backup component
Contacts xtd component
Com comprofiler component
Jim component
Prince clan chess component
Glossary
Extcalthai module
Mostlyce
Nfn address book
Swmenu component
Flatmenu
Taskhopper component
Jambook
Remository
Com newsletter
Com mamml
Musepoes component
Com recipes
Com jokes
Com awesom
Com shambo2
Com sobi2
Com downloads
Com neoreferences
Com sermon
Com gallery
Com neogallery
Com doc
Com comments
Com quiz
Com scheduling component
Com filebase component
Kemas antonius com quran
Com ricette component
Com profile
Com detail
Com salesrep
Com facileforms
Com garyscookbook
Com ewriting
Datsogallery
Com comprofiler
Com flippingbook


Copyright 2024, cxsecurity.com

 

Back to Top