CVE-2006-4378

{"id": "CVE-2006-4378", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-08-26T21:04:00.000", "references": [{"url": "http://securityreason.com/securityalert/1456", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/28096", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/443628/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/444058/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19593", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue"}, {"lang": "es", "value": "** IMPUGNADA ** M\u00faltiples vulnerabilidades de inclusi\u00f3n remota de archivo en PHP en el componente Rssxt para Joomla! (com_rssxt), posiblemente 2.0 Beta 1 o 1.0 y anteriores, permiten a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro mosConfig_absolute_path en (1) pinger.php, (2) RPC.php, o (3) rssxt.php. NOTA: otro investigador ha impugnado este problema, diciendo que el atacante no puede controlar este par\u00e1metro. Adem\u00e1s, a fecha de 25/8/2006, el investigador original se ha mostrado poco fiable seg\u00fan algunos reportes anteriores. CVE no ha realizado ning\u00fan an\u00e1lisis de seguimiento con respecto a este problema."}], "lastModified": "2024-04-11T00:40:51.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:joomla:rssxt_component:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BDB453C-598C-46B5-9A58-EF3B7AF55B79", "versionEndIncluding": "2.0_beta_1"}, {"criteria": "cpe:2.3:a:joomla:rssxt_component:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "403550AF-3773-4C5A-92C4-74C091C65FFE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}