CVE-2007-0839
Valarsoft WebMatic 2.6 - Remote File Inclusion via P_LIB or P_INDEX Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-0839. PoCs published by MadNet.
AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in WebMatic 2.6, where the `P_LIB` and `P_INDEX` parameters in `index_album.php` are not properly sanitized, allowing an attacker to include remote shellcode.
Description
Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters.
Exploits (1)
This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in WebMatic 2.6, where the `P_LIB` and `P_INDEX` parameters in `index_album.php` are not properly sanitized, allowing an attacker to include remote shellcode.