CVE-2006-4992 Information

Description

Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php (2) wp-feed.php or (3) wp-trackback.php.

Reference

http://forum.joomla.org/index.php/topic79477.0.html http://forum.joomla.org/index.php/topic81064.0.html http://www.babilonics.com/?q=node/1802 http://www.osvdb.org/28997 http://www.osvdb.org/28998 http://www.osvdb.org/28999 http://www.securityfocus.com/bid/19209