返回 CVE 浏览器

CVE-2006-4074

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.1640%

EPSS Percentile12.82th

Published2006年8月11日

Last Modified2026年4月16日

Vulnerability Description

PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Affected Platforms (CPE)

📦

Joomla

Jd Wiki

<= 1.0.2

References & Advisories

🔗 http://secunia.com/advisories/21389

🔗 http://www.joomladeveloping.org/component/option%2Ccom_jd-wp/Itemid%2C29/p%2C33/

🔗 http://www.securityfocus.com/bid/19373

🔗 http://www.vupen.com/english/advisories/2006/3192

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/28253

🔗 https://www.exploit-db.com/exploits/2125

🔗 http://secunia.com/advisories/21389

🔗 http://www.joomladeveloping.org/component/option%2Ccom_jd-wp/Itemid%2C29/p%2C33/

相关漏洞威胁

CVE-2015-591110.0

Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknow...

CVE-2020-1516410.0

in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading,...

CVE-2019-150919.8

filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.

CVE-2017-10004979.8

Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly ...