CVE-2006-3340

critical

Description

Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.

References

https://www.exploit-db.com/exploits/1956

http://www.vupen.com/english/advisories/2006/2561

http://www.osvdb.org/27178

http://www.osvdb.org/27177

http://www.osvdb.org/27176

http://www.osvdb.org/27175

http://www.osvdb.org/27174

http://www.osvdb.org/27173

http://www.osvdb.org/27172

http://www.osvdb.org/27171

http://www.osvdb.org/27170

http://www.osvdb.org/27169

http://www.osvdb.org/27168

http://secunia.com/advisories/20819

Details

Source: Mitre, NVD

Published: 2006-07-03

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.08806