This application requires Javascript for optimal performance.

Mambo.VideoDB.Class.PHP.Remote.File.Inclusion

Release Date

Nov 16, 2011

Severity

low

Impact

Compromise of affected system

Description

It indicates a possible exploit of a File Inclusion vulnerability in the VideoDB component for Mambo, that may allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Affected Products

MamboXChange VideoDB Component 0.3en

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2006-3736

Reference/s

http://www.securityfocus.com/bid/19049 (BugTraq)

Reference: VID-29882