CVE-2008-2905

Mambo < 4.6.4 - Remote Code Execution via mosConfig_absolute_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2008-2905. PoCs published by Metasploit, MC, irk4z, including Metasploit module exploits/unix/webapp/mambo_cache_lite.

AI-analyzed exploit summary This is a Metasploit module exploiting a remote file inclusion vulnerability in Mambo CMS (CVE-2008-2905). It leverages the `mosConfig_absolute_path` parameter in `Output.php` to include a malicious PHP payload, leading to remote code execution.

Description

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/16912

View Code ZIP pw:eip

This is a Metasploit module exploiting a remote file inclusion vulnerability in Mambo CMS (CVE-2008-2905). It leverages the `mosConfig_absolute_path` parameter in `Output.php` to include a malicious PHP payload, leading to remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mambo CMS 4.6.4 and earlier

No auth needed

Prerequisites: Network access to the target Mambo CMS instance · PHP include functionality enabled on the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by MC · rubywebappsphp

https://www.exploit-db.com/exploits/9906

View Code ZIP pw:eip

This is a Metasploit module exploiting a remote file inclusion vulnerability in Mambo CMS via the Cache_Lite package. It leverages the mosConfig_absolute_path parameter to include a remote PHP payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mambo CMS 4.6.4 and earlier

No auth needed

Prerequisites: Network access to the target · PHP remote file inclusion vulnerability in Mambo CMS

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by irk4z · textwebappsphp

https://www.exploit-db.com/exploits/5808

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Mambo CMS <= 4.6.4. The vulnerability exists in the `Output.php` file due to improper handling of the `mosConfig_absolute_path` parameter, allowing an attacker to include arbitrary remote files.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mambo CMS <= 4.6.4

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to reach the target server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by MC · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/mambo_cache_lite.rb

View Code ZIP pw:eip

This Metasploit module exploits a remote file inclusion vulnerability in Mambo CMS by manipulating the `mosConfig_absolute_path` parameter in the Cache_Lite package. It sends a crafted HTTP request to include a remote PHP payload, leading to remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mambo CMS 4.6.4 and earlier

No auth needed

Prerequisites: Network access to the target · PHP include functionality enabled on the server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5808

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30685

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29716

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1020295

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/43101

Scores

EPSS 0.7217

EPSS Percentile 98.8%

Details

CWE

CWE-94

Status published

Products (23)

mambo/mambo 4.0.14

mambo/mambo 4.5

mambo/mambo 4.5.0.2

mambo/mambo 4.5.1.3

mambo/mambo 4.5.1_1.0.9

mambo/mambo 4.5.1_beta

mambo/mambo 4.5.1_beta2

mambo/mambo 4.5.1a

mambo/mambo 4.5.2

mambo/mambo 4.5.2.1

... and 13 more

Published Jun 30, 2008

Tracked Since Feb 18, 2026