CVE-2007-5412

Quoc-Huy MP3 Allopass 1.0 - Remote Code Execution via mosConfig_live_site Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5412. PoCs published by NoGe.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in the Joomla component com_mp3_allopass. The vulnerability allows an attacker to include arbitrary remote files by manipulating the mosConfig_live_site parameter in the vulnerable PHP files.

Description

Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 Allopass (com_mp3_allopass) 1.0 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter to (1) allopass.php and (2) allopass-error.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by NoGe · textwebappsphp

https://www.exploit-db.com/exploits/4507

View Code ZIP pw:eip

This exploit demonstrates a Remote File Include (RFI) vulnerability in the Joomla component com_mp3_allopass. The vulnerability allows an attacker to include arbitrary remote files by manipulating the mosConfig_live_site parameter in the vulnerable PHP files.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Joomla com_mp3_allopass component

No auth needed

Prerequisites: Target must have the vulnerable com_mp3_allopass component installed · Remote file inclusion must be enabled on the target server

MITRE ATT&CK