CVE-2007-1643

LAN Management System < 1.8.9 - Remote Code Execution via PHP File Inclusion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1643. PoCs published by Kacper.

AI-analyzed exploit summary: The code describes a Remote File Inclusion (RFI) vulnerability in LMS <= 1.8.9, where attacker-controlled input in the 'CONFIG[directories][userpanel_dir]' and '_LIB_DIR' parameters can lead to arbitrary file inclusion. No actual exploit code is provided, only vulnerability details.

Description

Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Kacper · text · webapps · php
https://www.exploit-db.com/exploits/3545

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: LMS <= 1.8.9
No auth needed
Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to reach the vulnerable endpoints
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1086
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-April/001560.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23099
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33158
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23100
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3545
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24621

Scores

EPSS 0.1068
EPSS Percentile 95.2%

Details

CWE: CWE-94
Status: published
Products (1): lan_management_system/lan_management_system < 1.8.9
Published: Mar 24, 2007
Tracked Since: Feb 18, 2026