CVE-2007-2154

cabron_connector < 1.1.0 - Remote File Inclusion via CabronServiceFolder Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2154. PoCs published by Dj7xpl.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Cabron Connector v1.1.0. The vulnerability arises from improper input validation in the 'CabronServiceFolder' parameter, allowing an attacker to include arbitrary remote files via null byte injection.

Description

PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dj7xpl · textwebappsphp

https://www.exploit-db.com/exploits/3756

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Cabron Connector v1.1.0. The vulnerability arises from improper input validation in the 'CabronServiceFolder' parameter, allowing an attacker to include arbitrary remote files via null byte injection.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Cabron Connector v1.1.0

No auth needed

Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server

MITRE ATT&CK