CVE-2009-2637
Published 2009-07-28
CVE-2009-2637: PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to…
Priority P3 49 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 2.29% · 81.0th percentile
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ordasoft | com_booklibrary | — | — |
| ordasoft | com_booklibrary | — | — |
GHSA
GHSA-gvqg-72g2-c5mx: PHP remote file inclusion vulnerability in toolbar_ext
ghsa_unreviewed·2022-05-02
CVE-2009-2637 [HIGH] CWE-94 GHSA-gvqg-72g2-c5mx: PHP remote file inclusion vulnerability in toolbar_ext
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
GHSA
GHSA-q337-fq3f-wpxq: PHP remote file inclusion vulnerability in doc/releasenote
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-3817 [HIGH] CWE-94 GHSA-q337-fq3f-wpxq: PHP remote file inclusion vulnerability in doc/releasenote
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
No detection rules found.
No writeups or analysis indexed.