CVE-2006-4476
Last modified
CVE-2006-4476 is a vulnerability of currently unknown severity. Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.. EPSS estimates a 1.32% chance of exploitation in the next 30 days.
Description
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Joomla | Joomla | <= 1.0.10 |
| Joomla | Joomla | 1.0.9 |
References
- http://secunia.com/advisories/21666Vendor Advisory
- http://secunia.com/advisories/21666Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-4476?
How severe is CVE-2006-4476?
How do I fix CVE-2006-4476?
Are you affected by CVE-2006-4476?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST