Vulnerability Database
296,760
Total vulnerabilities in the database
CVE-2006-4286
PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate
| Software | From | Fixed in |
|---|---|---|
| mambo / mambo | 4.6-rc1 | 4.6-rc1.x |
| mambo / mambo | 4.5_1.0.1 | 4.5_1.0.1.x |
| mambo / mambo | 4.5.2 | 4.5.2.x |
| mambo / mambo | 4.5_1.0.3_beta | 4.5_1.0.3_beta.x |
| mambo / mambo | 4.5.0.2 | 4.5.0.2.x |
| mambo / mambo | 4.5.2.2 | 4.5.2.2.x |
| mambo / mambo | 4.5.1_1.0.9 | 4.5.1_1.0.9.x |
| mambo / mambo | 4.5.2.3 | 4.5.2.3.x |
| mambo / mambo | 4.5.3h-h | 4.5.3h-h.x |
| mambo / mambo | 4.5_1.0.3_beta-beta | 4.5_1.0.3_beta-beta.x |
| mambo / mambo | 4.5.1a-beta | 4.5.1a-beta.x |
| mambo / mambo | 4.5_1.0.0 | 4.5_1.0.0.x |
| mambo / mambo | 4.5.1a | 4.5.1a.x |
| mambo / mambo | 4.5.3h | 4.5.3h.x |
| mambo / mambo | 4.5.1a-a | 4.5.1a-a.x |
| mambo / mambo | 4.5.1a-beta_2 | 4.5.1a-beta_2.x |
| mambo / mambo | 4.5.2.1 | 4.5.2.1.x |
| mambo / mambo | 4.0.14 | 4.0.14.x |
| mambo / mambo | 4.5.1.3 | 4.5.1.3.x |
| mambo / mambo | 4.5_1.0.2 | 4.5_1.0.2.x |
| mambo / mambo | 4.5_1.0.9 | 4.5_1.0.9.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime