CVE-2007-2067

Marco Antonio Islas Cruz WebSlider 0.6 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2067. PoCs published by GoLd_M.

AI-analyzed exploit summary This is a writeup describing remote file inclusion vulnerabilities in Web Slider 0.6. It lists multiple endpoints where the 'path' parameter can be manipulated to include arbitrary files, potentially leading to remote code execution.

Description

Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/3745

View Code ZIP pw:eip

This is a writeup describing remote file inclusion vulnerabilities in Web Slider 0.6. It lists multiple endpoints where the 'path' parameter can be manipulated to include arbitrary files, potentially leading to remote code execution.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Web Slider 0.6

No auth needed

Prerequisites: network access to the target application · vulnerable version of Web Slider installed

MITRE ATT&CK