CVE-2006-3970
Joomla LMO Component < 1.0b2 - Remote File Inclusion via mosConfig_absolute_path Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-3970. PoCs published by vitux.
AI-analyzed exploit summary This exploit leverages an unsanitized variable $mosConfig_absolute_path in the Joomla! LMO component when register_globals is enabled, allowing an attacker to include arbitrary remote files. The PoC demonstrates a simple path manipulation to achieve remote code execution.
Description
PHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Exploits (1)
This exploit leverages an unsanitized variable $mosConfig_absolute_path in the Joomla! LMO component when register_globals is enabled, allowing an attacker to include arbitrary remote files. The PoC demonstrates a simple path manipulation to achieve remote code execution.