CVE-2007-0983

AT Contenator < 1.0 - Remote Code Execution via Root_To_Script Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0983. PoCs published by ajann.

AI-analyzed exploit summary This is a Remote File Include (RFI) exploit for AT Contenator <= v1.0. It leverages the 'Root_To_Script' parameter in '_admin/nav.php' to include a remote shell script, enabling arbitrary code execution.

Description

PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · htmlwebappsphp

https://www.exploit-db.com/exploits/3297

View Code ZIP pw:eip

This is a Remote File Include (RFI) exploit for AT Contenator <= v1.0. It leverages the 'Root_To_Script' parameter in '_admin/nav.php' to include a remote shell script, enabling arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: AT Contenator <= v1.0

No auth needed

Prerequisites: Remote shell script hosted on an accessible server · Target application with vulnerable 'Root_To_Script' parameter

MITRE ATT&CK