CVE-2007-1539

pragmaMX Landkarten 2.1 - Directory Traversal via module_name Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1539. PoCs published by bd0rk.

AI-analyzed exploit summary This exploit targets a Local File Inclusion (LFI) vulnerability in pragmaMX Landkartenmodule 2.1, allowing arbitrary PHP code execution via log file poisoning. The script injects malicious PHP code into Apache logs and then includes the log file to execute system commands.

Description

Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by bd0rk · perlwebappsphp

https://www.exploit-db.com/exploits/3521

View Code ZIP pw:eip

This exploit targets a Local File Inclusion (LFI) vulnerability in pragmaMX Landkartenmodule 2.1, allowing arbitrary PHP code execution via log file poisoning. The script injects malicious PHP code into Apache logs and then includes the log file to execute system commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: pragmaMX Landkartenmodule 2.1

No auth needed

Prerequisites: Apache log write permissions · Access to vulnerable pragmaMX module

MITRE ATT&CK