Unrated severityNVD Advisory· Published Aug 5, 2006· Updated Apr 16, 2026
CVE-2006-3995
CVE-2006-3995
Description
Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Affected products
1- cpe:2.3:a:user_home_pages:user_home_pages:0.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- secunia.com/advisories/21305nvdPatchVendor Advisory
- www.ravenswoodit.co.uk/index.phpnvdPatch
- www.osvdb.org/27651nvdExploitPatch
- www.securityfocus.com/bid/19233nvdExploit
- attrition.org/pipermail/vim/2007-March/001457.htmlnvd
- attrition.org/pipermail/vim/2007-March/001458.htmlnvd
- kurdishsecurity.blogspot.com/2006/07/kurdish-security-15-user-home-pges.htmlnvd
- www.osvdb.org/27652nvd
- www.osvdb.org/28111nvd
- www.osvdb.org/28112nvd
- www.osvdb.org/28113nvd
- www.securityfocus.com/bid/23113nvd
- www.vupen.com/english/advisories/2006/3056nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/28080nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/33178nvd
- www.exploit-db.com/exploits/2089nvd
- www.exploit-db.com/exploits/3553nvd
News mentions
0No linked articles in our index yet.