CVE-2006-4553
com_comprofiler Component - Remote Code Execution via mosConfig_absolute_path Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-4553. PoCs published by Matdhule.
AI-analyzed exploit summary: The exploit describes a remote file inclusion vulnerability in the Mambo and Joomla com_comprofiler component due to improper input sanitization. An attacker can include arbitrary remote files containing malicious PHP code, leading to remote code execution in the context of the webserver process.
Description
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.