PHP Remote File Inclusion Vulnerability in Ecom Solutions VirtueMart Component for Joomla!
CVE-2008-6483

Currently unrated

Key Information:

Vendor: Virtuemart-solutions
Status: Com Googlebase
Vendor: CVE Published:; 18 March 2009

🔔 Create Virtuemart-solutions Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 43%

What is CVE-2008-6483?

The Ecom Solutions VirtueMart Google Base component for Joomla! contains a PHP remote file inclusion vulnerability due to improper handling of user-controlled input in the mosConfig_absolute_path parameter. This flaw enables remote attackers to execute arbitrary PHP code by supplying a malicious URL, potentially compromising the security of the hosting environment. Ensuring updated versions and applying security measures is crucial to protect against this exploit.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-6483 - Proof of Concept

References

http://secunia.com/advisories/32533

third-party-advisoryx_refsource_SECUNIA

https://www.exploit-db.com/exploits/6975

exploitx_refsource_EXPLOIT-DB

http://osvdb.org/49529

vdb-entryx_refsource_OSVDB

EPSS Score

43% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Mar 18, 2009
👾
Exploit known to exist
Mar 18, 2009
Vulnerability published
Mar 18, 2009
Vulnerability Reserved
Mar 18, 2009

CVE-2008-6483 Data

JSON