CVE-2007-1839

CodeBB < 1.1_beta_3 - Remote File Inclusion via phpbb_root_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1839. PoCs published by Alkomandoz Hacker.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in CodeBB 1.1b3 by manipulating the `phpbb_root_path` parameter to include arbitrary files, potentially leading to remote code execution.

Description

Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) pass_code.php or (2) lang_select.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alkomandoz Hacker · textwebappsphp

https://www.exploit-db.com/exploits/3599

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in CodeBB 1.1b3 by manipulating the `phpbb_root_path` parameter to include arbitrary files, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CodeBB 1.1b3

No auth needed

Prerequisites: Target must have CodeBB 1.1b3 installed · Remote file inclusion must be enabled on the server

MITRE ATT&CK