CVE-2007-0314

Article System 1.0 - Remote File Inclusion via INCLUDE_DIR Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0314. PoCs published by 3l3ctric-Cracker.

AI-analyzed exploit summary This exploit demonstrates a file inclusion vulnerability in Article System 1.0, allowing remote attackers to include arbitrary files via the INCLUDE_DIR parameter in multiple scripts. The PoC provides specific URLs to trigger the vulnerability.

Description

Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by 3l3ctric-Cracker · textwebappsphp

https://www.exploit-db.com/exploits/3114

View Code ZIP pw:eip

This exploit demonstrates a file inclusion vulnerability in Article System 1.0, allowing remote attackers to include arbitrary files via the INCLUDE_DIR parameter in multiple scripts. The PoC provides specific URLs to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Article System 1.0

No auth needed

Prerequisites: Network access to the target · Ability to host a malicious file on a remote server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/31446

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/3114

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/22017

Scores

EPSS 0.0234

EPSS Percentile 81.4%

Details

Status published

Products (1)

article_system/article_system 1.0

Published Jan 18, 2007

Tracked Since Feb 18, 2026