📦

contacts_xtd_component

Vendor: mambo

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 0 Code Available
Total RCEs 0 Remote Access
Total CVEs 1 Total Indexed
Avg. EPSS 1.40% Exploit Prob.
Latest CVE CVE-2006-4375 Aug 26

Security Vulnerability Index

Page 1 / 1
7.5 CVSS
CVE-2006-4375

PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined

EPSS: 1.40%