CVE-2006-3690

MiniBB Forum 1.5a - Remote File Inclusion via absolute_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3690. PoCs published by Matdhule.

AI-analyzed exploit summary The document describes a remote file inclusion vulnerability in MiniBB Forum Mambo Component <= 1.5a. It explains how the $absolute_path variable is not properly sanitized, allowing attackers to include remote files when register_globals and allow_fopenurl are enabled.

Description

Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Matdhule · textwebappsphp

https://www.exploit-db.com/exploits/2030

View Code ZIP pw:eip

The document describes a remote file inclusion vulnerability in MiniBB Forum Mambo Component <= 1.5a. It explains how the $absolute_path variable is not properly sanitized, allowing attackers to include remote files when register_globals and allow_fopenurl are enabled.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: MiniBB Forum Mambo Component <= 1.5a

No auth needed

Prerequisites: register_globals=on · allow_fopenurl=on

MITRE ATT&CK