Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
high complexity
pearlinger
exploit available
Published: 2006-07-03
Updated: 2017-10-19
Summary
Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.
Vulnerable Configurations
Exploit-Db
description | Pearl For Mambo <= 1.6 Multiple Remote File Include Vulnerabilities. CVE-2006-3340. Webapps exploit for php platform |
file | exploits/php/webapps/1956.txt |
id | EDB-ID:1956 |
last seen | 2016-01-31 |
modified | 2006-06-27 |
platform | php |
port | |
published | 2006-06-27 |
reporter | Kw3[R]Ln |
source | https://www.exploit-db.com/download/1956/ |
title | Pearl For Mambo <= 1.6 - Multiple Remote File Include Vulnerabilities |
type | webapps |