CVE-2006-4286
First published: Tue Aug 22 2006(Updated: )
** DISPUTED ** PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mambo (MamboCMS) | =4.0.14 | |
| Mambo (MamboCMS) | =4.5.0.2 | |
| Mambo (MamboCMS) | =4.5.1.3 | |
| Mambo (MamboCMS) | =4.5.1_1.0.9 | |
| Mambo (MamboCMS) | =4.5.1a | |
| Mambo (MamboCMS) | =4.5.1a-a | |
| Mambo (MamboCMS) | =4.5.1a-beta | |
| Mambo (MamboCMS) | =4.5.1a-beta_2 | |
| Mambo (MamboCMS) | =4.5.2 | |
| Mambo (MamboCMS) | =4.5.2.1 | |
| Mambo (MamboCMS) | =4.5.2.2 | |
| Mambo (MamboCMS) | =4.5.2.3 | |
| Mambo (MamboCMS) | =4.5.3h | |
| Mambo (MamboCMS) | =4.5.3h-h | |
| Mambo (MamboCMS) | =4.5_1.0.0 | |
| Mambo (MamboCMS) | =4.5_1.0.1 | |
| Mambo (MamboCMS) | =4.5_1.0.2 | |
| Mambo (MamboCMS) | =4.5_1.0.3_beta | |
| Mambo (MamboCMS) | =4.5_1.0.3_beta-beta | |
| Mambo (MamboCMS) | =4.5_1.0.9 | |
| Mambo (MamboCMS) | =4.6-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-4286?
The severity of CVE-2006-4286 is classified as medium risk due to its potential for remote code execution.
How do I fix CVE-2006-4286?
To fix CVE-2006-4286, you should upgrade to a patched version of Mambo that addresses this vulnerability.
Which versions of Mambo are affected by CVE-2006-4286?
CVE-2006-4286 affects Mambo versions 4.6-rc1 and 4.5.x, including multiple sub-versions.
Can CVE-2006-4286 be exploited remotely?
Yes, CVE-2006-4286 can be exploited remotely by attackers through crafted URLs.
What is the impact of CVE-2006-4286 on my Mambo installation?
The impact of CVE-2006-4286 allows unauthorized users to execute arbitrary PHP code on vulnerable Mambo installations.
- agent/author
- agent/references
- agent/type
- agent/severity
- agent/weakness
- agent/status
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/mambo
- canonical/mambo (mambocms)
- version/mambo (mambocms)/4.0.14
- version/mambo (mambocms)/4.5.0.2
- version/mambo (mambocms)/4.5.1.3
- version/mambo (mambocms)/4.5.1_1.0.9
- version/mambo (mambocms)/4.5.1a
- version/mambo (mambocms)/4.5.1a-a
- version/mambo (mambocms)/4.5.1a-beta
- version/mambo (mambocms)/4.5.1a-beta_2
- version/mambo (mambocms)/4.5.2
- version/mambo (mambocms)/4.5.2.1
- version/mambo (mambocms)/4.5.2.2
- version/mambo (mambocms)/4.5.2.3
- version/mambo (mambocms)/4.5.3h
- version/mambo (mambocms)/4.5.3h-h
- version/mambo (mambocms)/4.5_1.0.0
- version/mambo (mambocms)/4.5_1.0.1
- version/mambo (mambocms)/4.5_1.0.2
- version/mambo (mambocms)/4.5_1.0.3_beta
- version/mambo (mambocms)/4.5_1.0.3_beta-beta
- version/mambo (mambocms)/4.5_1.0.9
- version/mambo (mambocms)/4.6-rc1
- status/disputed