CVE-2007-2313

mx_shotcast 1.0 RC2 - Remote File Inclusion via mx_root_path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2313. PoCs published by bd0rk.

AI-analyzed exploit summary This exploit targets a remote file inclusion vulnerability in mxBB Module MX Shotcast 1.0 RC2 via the 'mx_root_path' parameter in 'getinfo1.php'. It allows an attacker to include a remote command shell and execute arbitrary commands on the target system.

Description

PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by bd0rk · perlwebappsphp
https://www.exploit-db.com/exploits/3716

This exploit targets a remote file inclusion vulnerability in mxBB Module MX Shotcast 1.0 RC2 via the 'mx_root_path' parameter in 'getinfo1.php'. It allows an attacker to include a remote command shell and execute arbitrary commands on the target system.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: mxBB Module MX Shotcast 1.0 RC2
No auth needed
Prerequisites: Remote command shell accessible via HTTP · Target with vulnerable 'getinfo1.php' script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33599
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23444
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1384
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3716

Scores

EPSS 0.0608
EPSS Percentile 92.5%

Details

Status published
Products (1)
mxbb/mx_shotcast 1.0_rc2
Published Apr 26, 2007
Tracked Since Feb 18, 2026