CVE-2006-4270

mambelfish_component < 1.1 - Remote Code Execution via mosConfig_absolute_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4270. PoCs published by mdx.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in the Mambo CMS com_mambelfish component. The vulnerability allows an attacker to include arbitrary remote files by manipulating the mosConfig_absolute_path parameter.

Description

PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mdx · textwebappsphp

https://www.exploit-db.com/exploits/2202

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in the Mambo CMS com_mambelfish component. The vulnerability allows an attacker to include arbitrary remote files by manipulating the mosConfig_absolute_path parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mambo CMS with com_mambelfish component

No auth needed

Prerequisites: Target must have the vulnerable com_mambelfish component installed · Remote file inclusion must be enabled on the target server

MITRE ATT&CK