CVE-2007-2258

PHPMyBibli - Remote File Inclusion via base_path Parameter

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2258. PoCs published by MoHaNdKo.

AI-analyzed exploit summary The provided text describes a remote file-include vulnerability in PHPMyBibli 1.32 due to insufficient input sanitization. The example URL demonstrates how an attacker could exploit this by injecting a malicious path via the 'base_path' parameter.

Description

PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by MoHaNdKo · textwebappsphp
https://www.exploit-db.com/exploits/29879

The provided text describes a remote file-include vulnerability in PHPMyBibli 1.32 due to insufficient input sanitization. The example URL demonstrates how an attacker could exploit this by injecting a malicious path via the 'base_path' parameter.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: PHPMyBibli 1.32
No auth needed
Prerequisites: Network access to the target application · PHPMyBibli installation with vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/466659/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33808
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23599
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2622

Scores

EPSS 0.0229
EPSS Percentile 80.9%

Details

Status published
Products (1)
phpmybibli/phpmybibli
Published Apr 25, 2007
Tracked Since Feb 18, 2026