QwikSec

Security Database

CVE

CWE

Training

CVE-2006-3847

Published: Jul 25, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the basedir parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20060723 [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla]

mailing-list

x_refsource_BUGTRAQ

mospray-admin-file-include(27917)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.