CVE-2007-1596

NFN Address Book - Remote File Inclusion via mosConfig_absolute_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1596. PoCs published by Cold Zero.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in MAMBO & Joomla NFN Address Book v0.4. The vulnerability allows an attacker to include and execute arbitrary remote scripts by manipulating the `mosConfig_absolute_path` parameter in `nfnaddressbook.php`.

Description

Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cold Zero · textwebappsphp

https://www.exploit-db.com/exploits/3539

View Code ZIP pw:eip

This exploit demonstrates a Remote File Include (RFI) vulnerability in MAMBO & Joomla NFN Address Book v0.4. The vulnerability allows an attacker to include and execute arbitrary remote scripts by manipulating the `mosConfig_absolute_path` parameter in `nfnaddressbook.php`.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: MAMBO & Joomla NFN Address Book v0.4

No auth needed

Prerequisites: Remote script hosting · Target server with vulnerable software

MITRE ATT&CK