Vulnerabilities > CVE-2007-1596 - Remote File Include vulnerability in NFN Address Book mosConfig_Absolute_Path

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

joomla

mambo

critical

exploit available

NVD

Published: 2007-03-22

Updated: 2017-10-11

Summary

Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.

Vulnerable Configurations

Part	Description	Count
Application	Joomla Joomla NFN Address Book 0.4	1
Application	Mambo Mambo NFN Address Book 0.4	1

Exploit-Db

description	Mambo Component nfnaddressbook 0.4 Remote File Inclusion Vulnerability. CVE-2007-1596. Webapps exploit for php platform
file	exploits/php/webapps/3539.txt
id	EDB-ID:3539
last seen	2016-01-31
modified	2007-03-21
platform	php
port
published	2007-03-21
reporter	Cold Zero
source	https://www.exploit-db.com/download/3539/
title	mambo component nfnaddressbook 0.4 - Remote File Inclusion Vulnerability
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References