CVE-2007-0568

MyPHPCommander 2.0 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0568. PoCs published by Cold Zero.

AI-analyzed exploit summary This exploit leverages a file inclusion vulnerability in MyPHPCommander's package.php by manipulating the gl_root parameter to include a remote file, leading to arbitrary command execution. The PoC demonstrates a direct URL-based attack vector.

Description

PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cold Zero · textwebappsphp

https://www.exploit-db.com/exploits/3201

View Code ZIP pw:eip

This exploit leverages a file inclusion vulnerability in MyPHPCommander's package.php by manipulating the gl_root parameter to include a remote file, leading to arbitrary command execution. The PoC demonstrates a direct URL-based attack vector.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: MyPHPCommander (version not specified)

No auth needed

Prerequisites: Target must have MyPHPCommander installed · Remote file inclusion must be enabled on the server

MITRE ATT&CK