CVE-2006-0871: Path Traversal
First published: Fri Feb 24 2006(Updated: )
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mambo Mambo | =4.5.3h-h | |
| Mambo Mambo | =4.5.3h |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://source.mambo-foundation.org/view/news/Announcements/Security_Patch_Released/
- http://secunia.com/advisories/18935
- http://archives.neohapsis.com/archives/bugtraq/2006-02/0463.html
- http://www.gulftech.org/?node=research&article_id=00104-02242006
- http://www.osvdb.org/23505
- http://securityreason.com/securityalert/493
- http://www.vupen.com/english/advisories/2006/0719
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mambo
- canonical/mambo mambo
- version/mambo mambo/4.5.3h-h
- version/mambo mambo/4.5.3h