CVE-2006-4282

MamboWiki 0.9.6 - Remote File Inclusion via IP Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4282. PoCs published by camino.

AI-analyzed exploit summary This is a writeup detailing a Remote File Inclusion (RFI) vulnerability in MamboWiki <= v0.9.6. The exploit involves manipulating the 'IP' parameter in MamboLogin.php to include remote files, potentially leading to arbitrary code execution.

Description

PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by camino · textwebappsphp

https://www.exploit-db.com/exploits/2213

View Code ZIP pw:eip

This is a writeup detailing a Remote File Inclusion (RFI) vulnerability in MamboWiki <= v0.9.6. The exploit involves manipulating the 'IP' parameter in MamboLogin.php to include remote files, potentially leading to arbitrary code execution.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: MamboWiki <= v0.9.6

No auth needed

Prerequisites: Target must have MamboWiki <= v0.9.6 installed · Remote file inclusion must be enabled on the target server

MITRE ATT&CK