CVE-2007-1247

aWebNews 1.5 - Remote Code Execution via path_to_news Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1247. PoCs published by mostafa_ragab.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in aWebNews, allowing an attacker to execute arbitrary PHP code by manipulating the 'path_to_news' parameter in 'listing.php'. No actual exploit code is present, only a description and example URL.

Description

Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by mostafa_ragab · textwebappsphp

https://www.exploit-db.com/exploits/29696

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in aWebNews, allowing an attacker to execute arbitrary PHP code by manipulating the 'path_to_news' parameter in 'listing.php'. No actual exploit code is present, only a description and example URL.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: aWebNews (version not specified)

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to host a malicious PHP file on a remote server

MITRE ATT&CK