PHP Remote File Inclusion Vulnerability in RS Gallery2 for Joomla!
CVE-2006-6962

Currently unrated

Key Information:

Vendor: Joomla
Status: Rs Gallery2
Vendor: CVE Published:; 29 January 2007

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2006-6962?

The RS Gallery2 component for Joomla! has a PHP remote file inclusion vulnerability located in the rsgallery2.html.php file. An attacker can exploit this flaw by manipulating the mosConfig_absolute_path parameter, which can lead to the execution of arbitrary PHP code on the server. This vulnerability highlights the importance of securing parameters in user inputs to prevent code execution attacks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-6962 - Proof of Concept

References

https://www.exploit-db.com/exploits/1959

exploitx_refsource_EXPLOIT-DB

http://www.vupen.com/english/advisories/2006/2581

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/27418

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 29, 2007
👾
Exploit known to exist
Jan 29, 2007
Vulnerability published
Jan 29, 2007
Vulnerability Reserved
Jan 29, 2007

CVE-2006-6962 Data

JSON