CVE-2006-4322
Published 2006-08-24
Priority P3 (41), high, 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.47% (82.5th percentile)
PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
No detection rules found.
Exploit-DB
Shop-Script - Multiple HTTP Response Splitting Vulnerabilities
exploitdb·2006-10-23
CVE-2006-5566 Shop-Script - Multiple HTTP Response Splitting Vulnerabilities
---
source: https://www.securityfocus.com/bid/20685/info
Shop-Script is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input.
A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
[Request Header]
POST /premium/index.php?links_exchange=%0d%0aFakeHeader:Fake_Custom_Header HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.example.com
http://www.shop-script-demo.com/
Cont
Exploit-DB
Mambo Component EstateAgent 1.0.2 - MosConfig_absolute_path Remote File Inclusion
exploitdb·2006-08-21
CVE-2006-4322 Mambo Component EstateAgent 1.0.2 - MosConfig_absolute_path Remote File Inclusion
---
source: https://www.securityfocus.com/bid/19625/info
The Mambo EstateAgent component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
This BID has been retired because this issue is not exploitable.
http://www.example.com/com_estateagent/estateagent.php?mosConfig_absolute_path=shell
No writeups or analysis indexed.
http://www.attrition.org/pipermail/vim/2006-August/000984.html
http://www.securityfocus.com/archive/1/443911/100/0/threaded
http://www.securityfocus.com/bid/19625
Published: 2006-08-24