CVE-2006-4992 - Predatory Tugs

Description

Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php (2) wp-feed.php or (3) wp-trackback.php.

Reference

http://www.babilonics.com/?q=node/1802 http://forum.joomla.org/index.php/topic79477.0.html http://forum.joomla.org/index.php/topic81064.0.html http://www.securityfocus.com/bid/19209 http://www.osvdb.org/28997 http://www.osvdb.org/28998 http://www.osvdb.org/28999