CVE-2006-5519

MambWeather < 1.8.1 - Remote Code Execution via mosConfig_absolute_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5519. PoCs published by h4ntu.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in MambWeather module for Mambo CMS. The vulnerability allows an attacker to include arbitrary remote files by manipulating the 'mosConfig_absolute_path' parameter.

Description

PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by h4ntu · textwebappsphp

https://www.exploit-db.com/exploits/2613

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in MambWeather module for Mambo CMS. The vulnerability allows an attacker to include arbitrary remote files by manipulating the 'mosConfig_absolute_path' parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mambo CMS with MambWeather module version 1.8.1

No auth needed

Prerequisites: Target must have Mambo CMS with vulnerable MambWeather module installed · Remote file inclusion must be enabled on the server

MITRE ATT&CK