CVE-2007-2043
published 2007-04-16CVE-2007-2043: Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
6.73%
93.1th percentile
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ag-solutions | mosmedia_lite | — | — |
| avant-garde_solutions | mosmedia | <= 1.0.8 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v49g-5r22-m7m9: Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-5362 [HIGH] CWE-94 GHSA-v49g-5r22-m7m9: Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.
GHSA
GHSA-hr3c-5hm5-7f3f: Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1
ghsa_unreviewed·2022-05-01
CVE-2007-2043 [HIGH] GHSA-hr3c-5hm5-7f3f: Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/37433http://osvdb.org/37434http://www.securityfocus.com/bid/23432http://www.vupen.com/english/advisories/2007/1357https://www.exploit-db.com/exploits/3714http://osvdb.org/37433http://osvdb.org/37434http://www.securityfocus.com/bid/23432http://www.vupen.com/english/advisories/2007/1357https://www.exploit-db.com/exploits/3714
2007-04-16
Published