CVE-2010-2918

NUCLEI

Visites (com_joomla-visites) 1.1 RC2 - Remote Code Execution via mosConfig_absolute_path Parameter

Title source: manual

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-2918. PoCs published by Li0n-PaL, NoGe. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in the Joomla component 'com_joomla-visites'. The vulnerability allows an attacker to include a remote shell by manipulating the 'mosConfig_absolute_path' parameter in the specified PHP file.

Description

PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Li0n-PaL · textwebappsphp

https://www.exploit-db.com/exploits/14476

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in the Joomla component 'com_joomla-visites'. The vulnerability allows an attacker to include a remote shell by manipulating the 'mosConfig_absolute_path' parameter in the specified PHP file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Joomla with com_joomla-visites component

No auth needed

Prerequisites: Access to the vulnerable Joomla component · Remote shell or malicious file hosted on an accessible server

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by NoGe · textwebappsphp

https://www.exploit-db.com/exploits/31708

View Code ZIP pw:eip

This is a writeup describing a remote file inclusion vulnerability in the Visites component for Joomla!. The vulnerability allows an attacker to include arbitrary remote files due to insufficient input sanitization.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Visites component for Joomla! 1.1 RC2

No auth needed

Prerequisites: Access to the target URL

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion

HIGHby daffainfo

References (5)

Core 5

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/14476

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/28942

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1925

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42025

Exploit x_refsource_misc

http://packetstormsecurity.org/0804-exploits/joomlavisites-rfi.txt

Scores

EPSS 0.0160

EPSS Percentile 82.2%

Details

CWE

CWE-94

Status published

Products (1)

visocrea/com_joomla_visites 1.1 rc2

Published Jul 30, 2010

Tracked Since Feb 18, 2026