CVE-2007-0986

Jupiter CMS 1.1.5 - Remote Code Execution via FTP URL in Index.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0986. PoCs published by DarkFig.

AI-analyzed exploit summary This exploit demonstrates Local/Remote File Inclusion vulnerabilities in Jupiter CMS 1.1.5 due to improper filtering of the 'n' parameter in index.php. It allows attackers to include arbitrary local files (with magic_quotes_gpc=Off) or remote files (with PHP >= 5.0.0 and allow_url_fopen=On).

Description

PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DarkFig · textwebappsphp

https://www.exploit-db.com/exploits/3309

View Code ZIP pw:eip

This exploit demonstrates Local/Remote File Inclusion vulnerabilities in Jupiter CMS 1.1.5 due to improper filtering of the 'n' parameter in index.php. It allows attackers to include arbitrary local files (with magic_quotes_gpc=Off) or remote files (with PHP >= 5.0.0 and allow_url_fopen=On).

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Jupiter CMS 1.1.5

No auth needed

Prerequisites: magic_quotes_gpc=Off for LFI · PHP >= 5.0.0 and allow_url_fopen=On for RFI

MITRE ATT&CK