First published: Mon Aug 21 2006(Updated: )
** DISPUTED ** PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mambo X-shop Component | <=1.7 | |
Joomla X-shop Component | <=1.7 | |
<=1.7 | ||
<=1.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2006-4269 is considered high due to the potential for remote code execution.
To fix CVE-2006-4269, upgrade the x-shop component to a version later than 1.7.
CVE-2006-4269 affects versions of the x-shop component 1.7 and earlier for both Mambo and Joomla!.
CVE-2006-4269 is a remote file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code.
While CVE-2006-4269 has been known for years, its threat level depends on whether vulnerable versions are still in use.