Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2007-10-10 18:17
Updated : 2017-07-28 18:33
NVD link : CVE-2007-5362
Mitre link : CVE-2007-5362
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
ag-solutions
- mosmedia_lite
joomla
- joomla
mambo
- mambo