CVE-2007-1017

VirtualSystem VS-News-System <1.2.1 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1017. PoCs published by ajann.

AI-analyzed exploit summary This is a Remote File Include (RFI) exploit for VS-News-System <= V1.2.1, targeting the 'newsordner' parameter in 'show_news_inc.php'. It allows an attacker to include a remote shell script by manipulating the input field.

Description

PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · htmlwebappsphp

https://www.exploit-db.com/exploits/3322

View Code ZIP pw:eip

This is a Remote File Include (RFI) exploit for VS-News-System <= V1.2.1, targeting the 'newsordner' parameter in 'show_news_inc.php'. It allows an attacker to include a remote shell script by manipulating the input field.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: VS-News-System <= V1.2.1

No auth needed

Prerequisites: Target must have VS-News-System <= V1.2.1 installed · Remote shell script must be accessible

MITRE ATT&CK