CVE-2007-2181

Webinsta FM Manager < 0.1.4 - Remote Code Execution via Absolute Path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2181. PoCs published by g00ns.

AI-analyzed exploit summary This exploit targets a Remote File Inclusion (RFI) vulnerability in WebInsta FM <= 0.1.4 by manipulating the 'absolute_path' parameter in /admin/login.php. It requires register_globals to be ON and magic_quotes to be OFF, and it sends arbitrary commands to a remote shell via HTTP requests.

Description

PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748.

Exploits (1)

exploitdb WORKING POC VERIFIED

by g00ns · pythonwebappsphp

https://www.exploit-db.com/exploits/3778

View Code ZIP pw:eip

This exploit targets a Remote File Inclusion (RFI) vulnerability in WebInsta FM <= 0.1.4 by manipulating the 'absolute_path' parameter in /admin/login.php. It requires register_globals to be ON and magic_quotes to be OFF, and it sends arbitrary commands to a remote shell via HTTP requests.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WebInsta FM <= 0.1.4

No auth needed

Prerequisites: register_globals ON · magic_quotes OFF · access to /admin/login.php

MITRE ATT&CK