CVE-2008-1849

Mambo/Joomla! <1.6.2 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1849. PoCs published by Houssamix.

AI-analyzed exploit summary This exploit demonstrates a Local Directory Traversal and XSS vulnerability in Joomla and Mambo Component joomlaxplorer version 1.6.0. The directory traversal allows access to sensitive files, while the XSS can execute arbitrary JavaScript.

Description

Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Houssamix · textwebappsphp

https://www.exploit-db.com/exploits/5431

View Code ZIP pw:eip

This exploit demonstrates a Local Directory Traversal and XSS vulnerability in Joomla and Mambo Component joomlaxplorer version 1.6.0. The directory traversal allows access to sensitive files, while the XSS can execute arbitrary JavaScript.

Classification

Working Poc 90%

Attack Type

Info Leak | Xss

Complexity

Trivial

Reliability

Reliable

Target: joomlaXplorer 1.6.0

No auth needed

Prerequisites: Target running joomlaXplorer 1.6.0 · Access to the vulnerable URL

MITRE ATT&CK

T1006 - Direct Volume Access T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/41778

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5431

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/28746

Scores

EPSS 0.0267

EPSS Percentile 83.8%

Details

CWE

CWE-22

Status published

Products (1)

joomlacode/joomlaexplorer < 1.6.2

Published Apr 16, 2008

Tracked Since Feb 18, 2026