CVE-2007-0804
GGCMS 1.1.0 RC1 and earlier - Directory Traversal and Arbitrary PHP Code Injection via subpageName Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-0804. PoCs published by Kacper.
AI-analyzed exploit summary: This exploit targets a file write vulnerability in GGCMS <= v1.1.0 RC1, allowing arbitrary file overwrite via the 'subpageName' parameter in admin/subpages.php. It supports both remote defacement and remote code execution by injecting malicious content into template files.
Description
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.