Mambo: >> Contacts Xtd Component Security Vulnerabilities
PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined
CVSS Score
7.5
EPSS Score
0.007
Published
2006-08-26