CVE-2009-3333

alibasta com_koesubmit - Remote Code Execution via mosConfig_absolute_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3333. PoCs published by Don Tukulesto.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Mambo com_koesubmit 1.0.0 by manipulating the 'mosConfig_absolute_path' parameter to include arbitrary remote files.

Description

PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Don Tukulesto · textwebappsmultiple

https://www.exploit-db.com/exploits/9714

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Mambo com_koesubmit 1.0.0 by manipulating the 'mosConfig_absolute_path' parameter to include arbitrary remote files.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mambo com_koesubmit 1.0.0

No auth needed

Prerequisites: Target must have the vulnerable component installed · Remote file inclusion must be enabled on the server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/36447

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9714

Scores

EPSS 0.0200

EPSS Percentile 78.2%

Details

CWE

CWE-94

Status published

Products (1)

alibasta/com_koesubmit 1.0

Published Sep 23, 2009

Tracked Since Feb 18, 2026