CVE-2006-4553

Description

PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Affected products

• Joomla! / com_comprofiler_component1.0_rc2 – 1.0_rc2
• Mambo / com_comprofiler_component1.0_rc2 – 1.0_rc2

References

• MISChttp://securityreason.com/securityalert/1491
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/28596
• MISChttp://www.securityfocus.com/archive/1/444425/100/0/threaded
• MISChttp://www.securityfocus.com/bid/19725
• VENDOR_ADVISORYhttp://secunia.com/advisories/21636