Vulnerabilities > CVE-2007-2044 - Remote Security vulnerability in Weather Module

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
antonis-ventouris
exploit available
NVD
Published: 2007-04-16
Updated: 2017-10-11

Summary

PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.

Vulnerable Configurations

Part Description Count
Application
Antonis_Ventouris
1

Exploit-Db

descriptionMambo Module Weather (absolute_path) RFI Vulnerability. CVE-2007-2044. Webapps exploit for php platform
fileexploits/php/webapps/3712.txt
idEDB-ID:3712
last seen2016-01-31
modified2007-04-11
platformphp
port
published2007-04-11
reporterCold Zero
sourcehttps://www.exploit-db.com/download/3712/
titleMambo Module Weather absolute_path RFI Vulnerability
typewebapps

References