CVE-2006-4156

pearlabs mafia_moblog < 6 - Remote File Inclusion via pathtotemplate Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4156. PoCs published by sh3ll.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Mafia Moblog version 6, where the 'pathtotemplate' parameter in 'big.php' is not properly sanitized. However, the BID is retired as further analysis revealed the variable is defined prior to use, mitigating the vulnerability.

Description

PHP remote file inclusion vulnerability in big.php in pearlabs mafia moblog 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtotemplate parameter. NOTE: a third party claims that the researcher is incorrect, because template.php defines pathtotemplate before big.php uses pathtotemplate. CVE has not verified either claim, but during August 2006, the original researcher made several significant errors regarding this bug type

Exploits (1)

exploitdb WRITEUP VERIFIED
by sh3ll · textwebappsphp
https://www.exploit-db.com/exploits/28370

The provided text describes a remote file inclusion vulnerability in Mafia Moblog version 6, where the 'pathtotemplate' parameter in 'big.php' is not properly sanitized. However, the BID is retired as further analysis revealed the variable is defined prior to use, mitigating the vulnerability.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Mafia Moblog version 6
No auth needed
Prerequisites: Access to the target URL · Ability to host a malicious PHP script on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19458
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/442867/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1391
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/443153/100/0/threaded

Scores

EPSS 0.0243
EPSS Percentile 82.2%

Details

Status published
Products (1)
pearlabs/mafia_moblog < 6
Published Aug 16, 2006
Tracked Since Feb 18, 2026