CVE-2007-1024
Meganoide's news 1.1.1 - Remote File Inclusion via _SERVER[DOCUMENT_ROOT] Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-1024. PoCs published by KaRTaL.
AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Meganoide's news version 1.1.1 by manipulating the `_SERVER[DOCUMENT_ROOT]` parameter to include arbitrary PHP code. The attack leverages insufficient input sanitization to achieve remote code execution.
Description
PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.
Exploits (1)
This exploit demonstrates a remote file inclusion vulnerability in Meganoide's news version 1.1.1 by manipulating the `_SERVER[DOCUMENT_ROOT]` parameter to include arbitrary PHP code. The attack leverages insufficient input sanitization to achieve remote code execution.