CVE-2006-4242

Joomla/Mambo JIM 1.0.1 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4242. PoCs published by Mehmet Ince.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in the Mambo CMS 'jim' component. The vulnerability allows an attacker to include arbitrary remote files via the 'mosConfig_absolute_path' parameter in 'install.jim.php'.

Description

PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mehmet Ince · textwebappsphp

https://www.exploit-db.com/exploits/2203

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in the Mambo CMS 'jim' component. The vulnerability allows an attacker to include arbitrary remote files via the 'mosConfig_absolute_path' parameter in 'install.jim.php'.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mambo CMS with 'jim' component

No auth needed

Prerequisites: Target must have the vulnerable 'jim' component installed · Remote file inclusion must be enabled on the server

MITRE ATT&CK