Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2006-3340
Last Modified 07 Mar 2011 09:38:23
Published 03 Jul 2006 02:05:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3340

Summary

Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.

Vulnerable Systems

Application

  • Pearlinger Pearl For Mambo 1.5

  • Pearlinger Pearl For Mambo 1.6


References

VUPEN - ADV-2006-2561

BID - 18690

SECUNIA - 20819

MILW0RM - 1956

OSVDB - 27178

OSVDB - 27177

OSVDB - 27176

OSVDB - 27175

OSVDB - 27174

OSVDB - 27173

OSVDB - 27172

OSVDB - 27171

OSVDB - 27170

OSVDB - 27169

OSVDB - 27168


Last Updated: 27 May 2016 10:42:58