CVE-2019-25758

HIGH

Joomla! Component vBizz 1.0.7 Remote Code Execution

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25758. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary: This exploit demonstrates a file upload vulnerability in Joomla! Component vBizz 1.0.7, allowing remote code execution by uploading a malicious PHP file via a crafted POST request. The uploaded file is then accessed to execute arbitrary code.

Description

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and execute them from the uploads directory to achieve remote code execution.

Exploits (1)

exploitdb · WORKING POC
by Ihsan Sencan · text · webapps · php
https://www.exploit-db.com/exploits/46224

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Joomla! Component vBizz 1.0.7
Auth required
Prerequisites: Valid Joomla session cookie · Access to the employee edit page
devstral-2 · analyzed Jun 19, 2026

References (4)

Core References
Exploit: ExploitDB-46224
https://www.exploit-db.com/exploits/46224
Product: Official Product Homepage
http://wdmtech.com/
Third Party Advisory: VulnCheck Advisory: Joomla! Component vBizz 1.0.7 Remote Code Execution
https://www.vulncheck.com/advisories/joomla-component-vbizz-remote-code-execution

Scores

CVSS v3 8.8
EPSS 0.0067
EPSS Percentile 47.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-434
Status published
Products (1)
Wdmtech/vBizz 1.0.7
Published Jun 19, 2026
Tracked Since Jun 19, 2026