CVE-2007-2156

rezervi_generic < 0.9 - Remote File Inclusion via root Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2156. PoCs published by GoLd_M.

AI-analyzed exploit summary This is a writeup describing multiple remote file inclusion vulnerabilities in Rezervi Generic 0.9. It lists several exploitable paths but does not include actual exploit code or payloads.

Description

Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in belegungsplan/.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/3763

View Code ZIP pw:eip

This is a writeup describing multiple remote file inclusion vulnerabilities in Rezervi Generic 0.9. It lists several exploitable paths but does not include actual exploit code or payloads.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Rezervi Generic 0.9

No auth needed

Prerequisites: network access to the target application · ability to craft malicious URLs with remote file inclusion payloads

MITRE ATT&CK