CVE-2007-5457

Joomla Flash Uploader 2.5.1 - Remote Code Execution via mosConfig_absolute_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5457. PoCs published by mdx.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in Joomla's com_joomla_flash_uploader component. It allows an attacker to include arbitrary remote files by manipulating the mosConfig_absolute_path parameter in the install and uninstall scripts.

Description

Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mdx · textwebappsphp

https://www.exploit-db.com/exploits/4521

View Code ZIP pw:eip

This exploit demonstrates a Remote File Include (RFI) vulnerability in Joomla's com_joomla_flash_uploader component. It allows an attacker to include arbitrary remote files by manipulating the mosConfig_absolute_path parameter in the install and uninstall scripts.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Joomla com_joomla_flash_uploader 2.5.1, 2.5.2

No auth needed

Prerequisites: Network access to the target Joomla installation · Remote file inclusion must be enabled on the server

MITRE ATT&CK