CVE-2007-0797

bluevirus-design SMA-DB <0.3.9 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0797. PoCs published by ThE dE@Th.

AI-analyzed exploit summary This exploit leverages a file inclusion vulnerability in the `settings.php` file by manipulating the `pfad_z` parameter to include a remote shell. The vulnerability arises from improper input validation in the `include_once` function.

Description

PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ThE dE@Th · textwebappsphp

https://www.exploit-db.com/exploits/3268

View Code ZIP pw:eip

This exploit leverages a file inclusion vulnerability in the `settings.php` file by manipulating the `pfad_z` parameter to include a remote shell. The vulnerability arises from improper input validation in the `include_once` function.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Unknown (likely a PHP-based web application with a vulnerable `settings.php` file)

No auth needed

Prerequisites: A vulnerable web application with the specified `settings.php` file · Ability to host a malicious shell on a remote server

MITRE ATT&CK