CVE-2006-3969

Colophon < 1.2 - Remote Code Execution via mosConfig_absolute_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3969. PoCs published by Drago84.

AI-analyzed exploit summary This exploit leverages a Remote File Inclusion (RFI) vulnerability in Mambo's Colophon component (version <=1.2) via the `mosConfig_absolute_path` parameter in `admin.colophon.php`. The attacker can execute arbitrary commands by injecting a malicious URL pointing to a remote shell.

Description

PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Drago84 · textwebappsphp

https://www.exploit-db.com/exploits/2085

View Code ZIP pw:eip

This exploit leverages a Remote File Inclusion (RFI) vulnerability in Mambo's Colophon component (version <=1.2) via the `mosConfig_absolute_path` parameter in `admin.colophon.php`. The attacker can execute arbitrary commands by injecting a malicious URL pointing to a remote shell.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mambo Colophon <=1.2

No auth needed

Prerequisites: Target must have the vulnerable Mambo Colophon component installed · Remote file inclusion must be enabled on the server

MITRE ATT&CK