CVE-2006-3530

Joomla pc_cookbook - Remote Code Execution via mosConfig_absolute_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3530. PoCs published by Matdhule.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in the pc_cookbook Joomla component (v0.3 or earlier). The vulnerability allows an attacker to include and execute arbitrary remote code by manipulating the 'mosConfig_absolute_path' parameter.

Description

PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.php in the PccookBook Component for Mambo and Joomla 0.3 and possibly up to 1.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Matdhule · textwebappsphp

https://www.exploit-db.com/exploits/2024

View Code ZIP pw:eip

This exploit demonstrates a Remote File Include (RFI) vulnerability in the pc_cookbook Joomla component (v0.3 or earlier). The vulnerability allows an attacker to include and execute arbitrary remote code by manipulating the 'mosConfig_absolute_path' parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: pc_cookbook Joomla Component <= v0.3

No auth needed

Prerequisites: Target must have the vulnerable pc_cookbook component installed · Remote file inclusion must be enabled on the target server

MITRE ATT&CK