CVE-2006-3970 Information

Description

PHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Reference

http://developer.joomla.org/sf/sfmain/do/viewProject/projects.lmo http://forum.joomla.org/index.php/topic100164.0.html http://forum.joomla.org/index.php/topic81590.0.html http://www.vupen.com/english/advisories/2006/3063 https://exchange.xforce.ibmcloud.com/vulnerabilities/28079 https://www.exploit-db.com/exploits/2092