Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation14 reference(s) from NVD