CVE-2006-0871

Mambo 4.5.3, 4.5.3h - Path Traversal via mos_change_template Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0871. PoCs published by GulfTech Security.

AI-analyzed exploit summary: This is a detailed technical analysis of multiple vulnerabilities in Mambo CMS, including SQL injection, authentication bypass, and local file inclusion. It provides code snippets, exploitation techniques, and mitigation advice.

Description

Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.

Exploits (1)

exploitdb WRITEUP
by GulfTech Security · text · webapps · php
https://www.exploit-db.com/exploits/43835

Classification: Writeup 100%
Attack Type: Sqli | Auth Bypass | Other
Complexity: Trivial
Reliability: Reliable
Target: Mambo CMS <= 4.5.3h
No auth needed
Prerequisites: Target running Mambo CMS <= 4.5.3h · Magic quotes disabled in PHP environment
devstral-2 · analyzed Feb 18, 2026

References (7)

Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18935
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0719
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2006-02/0463.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/493
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/23505

Scores

EPSS 0.0167
EPSS Percentile 73.7%

Details

CWE: CWE-22
Status: published
Products (1): mambo/mambo 4.5.3h (2 CPE variants)
Published: Feb 24, 2006
Tracked Since: Feb 18, 2026