Vulnerabilities > CVE-2006-3340 - Remote File Include vulnerability in Pearl For Mambo Module

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
pearlinger
exploit available

Summary

Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.

Vulnerable Configurations

Part Description Count
Application
Pearlinger
2

Exploit-Db

descriptionPearl For Mambo <= 1.6 Multiple Remote File Include Vulnerabilities. CVE-2006-3340. Webapps exploit for php platform
fileexploits/php/webapps/1956.txt
idEDB-ID:1956
last seen2016-01-31
modified2006-06-27
platformphp
port
published2006-06-27
reporterKw3[R]Ln
sourcehttps://www.exploit-db.com/download/1956/
titlePearl For Mambo <= 1.6 - Multiple Remote File Include Vulnerabilities
typewebapps