CyberSec.Space Logo
Back to CVE Browser

CVE-2006-4074

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1640%
EPSS Percentile12.82th
PublishedAug 11, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Affected Platforms (CPE)

πŸ“¦
Joomla

Jd Wiki

<= 1.0.2

References & Advisories

πŸ”— http://secunia.com/advisories/21389
πŸ”— http://www.joomladeveloping.org/component/option%2Ccom_jd-wp/Itemid%2C29/p%2C33/
πŸ”— http://www.securityfocus.com/bid/19373
πŸ”— http://www.vupen.com/english/advisories/2006/3192
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/28253
πŸ”— https://www.exploit-db.com/exploits/2125
πŸ”— http://secunia.com/advisories/21389
πŸ”— http://www.joomladeveloping.org/component/option%2Ccom_jd-wp/Itemid%2C29/p%2C33/

Related Vulnerabilities

CVE-2015-591110.0

Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknow...

CVE-2020-1516410.0

in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading,...

CVE-2019-150919.8

filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.

CVE-2017-10004979.8

Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly ...