CVE-2007-0635
EncapsCMS 0.3.6 - Remote File Inclusion via config[path] or config[theme] Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-0635. PoCs published by Tr_ZiNDaN.
AI-analyzed exploit summary The exploit demonstrates a remote file inclusion vulnerability in EncapsCMS 0.3.6 due to insufficient sanitization of the 'config[path]' parameter in 'common_foot.php'. An attacker can include arbitrary remote or local files, potentially leading to remote code execution.
Description
Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.
Exploits (1)
The exploit demonstrates a remote file inclusion vulnerability in EncapsCMS 0.3.6 due to insufficient sanitization of the 'config[path]' parameter in 'common_foot.php'. An attacker can include arbitrary remote or local files, potentially leading to remote code execution.