CVE-2007-4923

Joomla Radio 5 - Remote Code Execution via mosConfig_live_site Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4923. PoCs published by Morgan.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Joomla Radio v5. The vulnerability is due to improper sanitization of the $mosConfig_live_site variable in admin.joomlaradiov5.php, allowing an attacker to include and execute remote malicious code.

Description

PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Morgan · textwebappsphp

https://www.exploit-db.com/exploits/4401

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Joomla Radio v5. The vulnerability is due to improper sanitization of the $mosConfig_live_site variable in admin.joomlaradiov5.php, allowing an attacker to include and execute remote malicious code.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Joomla Radio v5 Component

No auth needed

Prerequisites: Remote server hosting malicious code · Network access to the target Joomla installation

MITRE ATT&CK