CVE-2007-5410

Joomla Flash RSS Reader Component - Remote Code Execution via mosConfig_live_site Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5410. PoCs published by Cyber-Crime.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Webmaster-Tips.net Joomla! RSS Feed Reader due to insufficient input sanitization. An attacker can manipulate the 'mosConfig_live_site' parameter to include arbitrary remote files, potentially leading to remote code execution.

Description

PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cyber-Crime · textwebappsphp

https://www.exploit-db.com/exploits/30651

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in Webmaster-Tips.net Joomla! RSS Feed Reader due to insufficient input sanitization. An attacker can manipulate the 'mosConfig_live_site' parameter to include arbitrary remote files, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Webmaster-Tips.net Joomla! RSS Feed Reader (version not specified)

No auth needed

Prerequisites: Access to the vulnerable component via URL

MITRE ATT&CK