CVE-2007-1141

Magic News Plus 1.0.2 - Remote Code Execution via php_script_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1141. PoCs published by HACKERS PAL.

AI-analyzed exploit summary This exploit targets a remote file inclusion vulnerability in Magic News Pro 1.0.2, allowing arbitrary PHP code execution by manipulating the 'php_script_path' parameter in 'preview.php'. The script checks for a successful exploit by verifying the presence of a specific error message.

Description

PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.

Exploits (1)

exploitdb WORKING POC VERIFIED

by HACKERS PAL · phpwebappsphp

https://www.exploit-db.com/exploits/29627

View Code ZIP pw:eip

This exploit targets a remote file inclusion vulnerability in Magic News Pro 1.0.2, allowing arbitrary PHP code execution by manipulating the 'php_script_path' parameter in 'preview.php'. The script checks for a successful exploit by verifying the presence of a specific error message.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Magic News Pro 1.0.2

No auth needed

Prerequisites: Target server with Magic News Pro 1.0.2 installed · Remote file inclusion vulnerability in 'preview.php' · Network access to the target server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →