CVE-2007-0677

Cadre PHP Framework <20020724 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0677. PoCs published by y3dips.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Cadre's class.Quick_Config_Browser.php. An attacker can inject a remote PHP shell by manipulating the GLOBALS[config][framework_path] parameter.

Description

PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by y3dips · textwebappsphp

https://www.exploit-db.com/exploits/3237

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in Cadre's class.Quick_Config_Browser.php. An attacker can inject a remote PHP shell by manipulating the GLOBALS[config][framework_path] parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Cadre PHP framework (version up to 20020724)

No auth needed

Prerequisites: Remote PHP shell accessible via URL

MITRE ATT&CK