Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pearlinger | Pearl For Mambo | 1.5 |
References
- http://secunia.com/advisories/20819 (Vendor Advisory)
- http://www.osvdb.org/27168
- http://www.osvdb.org/27169
- http://www.osvdb.org/27170
- http://www.osvdb.org/27171
- http://www.osvdb.org/27172
- http://www.osvdb.org/27173
- http://www.osvdb.org/27174
- http://www.osvdb.org/27175
- http://www.osvdb.org/27176
- http://www.osvdb.org/27177
- http://www.osvdb.org/27178
- http://www.securityfocus.com/bid/18690 (Exploit)
- http://www.vupen.com/english/advisories/2006/2561
- https://www.exploit-db.com/exploits/1956
FAQ
What is CVE-2006-3340?
CVE-2006-3340 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_roo...
How severe is CVE-2006-3340?
CVE-2006-3340 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-3340?
Check the references section above for vendor advisories and patch information. Affected products include: Pearlinger Pearl For Mambo.