CVE-2007-0307

Poplar Gedcom Viewer < 2.0 - Remote File Inclusion via env[rootPath] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0307. PoCs published by GoLd_M.

AI-analyzed exploit summary This is a writeup describing a local file inclusion vulnerability in Poplar Gedcom Viewer v2.0 final. The vulnerability allows remote attackers to include arbitrary files via the 'env[rootPath]' parameter in '/include/common.php'.

Description

PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/3121

View Code ZIP pw:eip

This is a writeup describing a local file inclusion vulnerability in Poplar Gedcom Viewer v2.0 final. The vulnerability allows remote attackers to include arbitrary files via the 'env[rootPath]' parameter in '/include/common.php'.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Poplar Gedcom Viewer v2.0 final

No auth needed

Prerequisites: access to the vulnerable endpoint

MITRE ATT&CK