CVE-2006-4348

Kochsuite Component 0.9.4 - Remote File Inclusion via mosConfig_absolute_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4348. PoCs published by camino.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Kochsuite v0.9.4, a Mambo/Joomla CMS component. The vulnerability allows an attacker to include arbitrary remote files by manipulating the 'mosConfig_absolute_path' parameter in the 'config.kochsuite.php' file.

Description

PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by camino · textwebappsphp

https://www.exploit-db.com/exploits/2215

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Kochsuite v0.9.4, a Mambo/Joomla CMS component. The vulnerability allows an attacker to include arbitrary remote files by manipulating the 'mosConfig_absolute_path' parameter in the 'config.kochsuite.php' file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Kochsuite v0.9.4

No auth needed

Prerequisites: Access to the vulnerable component via URL

MITRE ATT&CK