CVE-2006-4286 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2006-4286

Deferred

More Info Official Page

Source-cve@mitre.org

Published At-22 Aug, 2006 | 17:04

Updated At-03 Apr, 2025 | 01:03

PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

>>mambo>>4.0.14

cpe:2.3:a:mambo:mambo:4.0.14:*:*:*:*:*:*:*

>>mambo>>4.5.0.2

cpe:2.3:a:mambo:mambo:4.5.0.2:*:*:*:*:*:*:*

>>mambo>>4.5.1.3

cpe:2.3:a:mambo:mambo:4.5.1.3:*:*:*:*:*:*:*

>>mambo>>4.5.1_1.0.9

cpe:2.3:a:mambo:mambo:4.5.1_1.0.9:*:*:*:*:*:*:*

>>mambo>>4.5.1a

cpe:2.3:a:mambo:mambo:4.5.1a:*:*:*:*:*:*:*

>>mambo>>4.5.1a

cpe:2.3:a:mambo:mambo:4.5.1a:a:*:*:*:*:*:*

>>mambo>>4.5.1a

cpe:2.3:a:mambo:mambo:4.5.1a:beta:*:*:*:*:*:*

>>mambo>>4.5.1a

cpe:2.3:a:mambo:mambo:4.5.1a:beta_2:*:*:*:*:*:*

>>mambo>>4.5.2

cpe:2.3:a:mambo:mambo:4.5.2:*:*:*:*:*:*:*

>>mambo>>4.5.2.1

cpe:2.3:a:mambo:mambo:4.5.2.1:*:*:*:*:*:*:*

>>mambo>>4.5.2.2

cpe:2.3:a:mambo:mambo:4.5.2.2:*:*:*:*:*:*:*

>>mambo>>4.5.2.3

cpe:2.3:a:mambo:mambo:4.5.2.3:*:*:*:*:*:*:*

>>mambo>>4.5.3h

cpe:2.3:a:mambo:mambo:4.5.3h:*:*:*:*:*:*:*

>>mambo>>4.5.3h

cpe:2.3:a:mambo:mambo:4.5.3h:h:*:*:*:*:*:*

>>mambo>>4.5_1.0.0

cpe:2.3:a:mambo:mambo:4.5_1.0.0:*:*:*:*:*:*:*

>>mambo>>4.5_1.0.1

cpe:2.3:a:mambo:mambo:4.5_1.0.1:*:*:*:*:*:*:*

>>mambo>>4.5_1.0.2

cpe:2.3:a:mambo:mambo:4.5_1.0.2:*:*:*:*:*:*:*

>>mambo>>4.5_1.0.3_beta

cpe:2.3:a:mambo:mambo:4.5_1.0.3_beta:*:*:*:*:*:*:*

>>mambo>>4.5_1.0.3_beta

cpe:2.3:a:mambo:mambo:4.5_1.0.3_beta:beta:*:*:*:*:*:*

>>mambo>>4.5_1.0.9

cpe:2.3:a:mambo:mambo:4.5_1.0.9:*:*:*:*:*:*:*

>>mambo>>4.6

cpe:2.3:a:mambo:mambo:4.6:rc1:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://securityreason.com/securityalert/1431	cve@mitre.org	N/A
http://www.osvdb.org/28093	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/443626/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/444244/100/0/threaded	cve@mitre.org	N/A
http://securityreason.com/securityalert/1431	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.osvdb.org/28093	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/443626/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/444244/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://securityreason.com/securityalert/1431

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.osvdb.org/28093

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/443626/100/0/threaded

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/444244/100/0/threaded

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://securityreason.com/securityalert/1431

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.osvdb.org/28093

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/443626/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/444244/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A