CVE-2007-2319

AutoStand < 1.1 - Remote Code Execution via mosConfig_absolute_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2319. PoCs published by Cold Zero.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Joomla Module AutoStand Category <= 1.1. The vulnerability allows an attacker to include arbitrary remote files via the 'mosConfig_absolute_path' parameter, leading to potential remote code execution.

Description

PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cold Zero · textwebappsphp

https://www.exploit-db.com/exploits/3734

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in Joomla Module AutoStand Category <= 1.1. The vulnerability allows an attacker to include arbitrary remote files via the 'mosConfig_absolute_path' parameter, leading to potential remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Joomla Module AutoStand Category <= 1.1

No auth needed

Prerequisites: Network access to the target Joomla installation · The vulnerable module must be installed and accessible

MITRE ATT&CK