CVE-2007-2428

ahhp-portal - Remote Code Execution via page.php fp or sc Parameter

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2428. PoCs published by CodeXpLoder'tq.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Ahhp Portal, where unsanitized user input in the 'fp' and 'sc' parameters can lead to arbitrary file inclusion. No actual exploit code is present, only URLs demonstrating the vulnerability.

Description

Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by CodeXpLoder'tq · textwebappsphp
https://www.exploit-db.com/exploits/29903

The provided text describes a remote file inclusion vulnerability in Ahhp Portal, where unsanitized user input in the 'fp' and 'sc' parameters can lead to arbitrary file inclusion. No actual exploit code is present, only URLs demonstrating the vulnerability.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Ahhp Portal (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Various Sources x_refsource_misc
http://securityvulns.com/source13951.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/477253/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/36568
Various Sources x_refsource_misc
http://securityvulns.com/Qdocument838.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23658
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34443

Scores

EPSS 0.0970
EPSS Percentile 94.9%

Details

CWE
CWE-94
Status published
Products (1)
ahhp-portal/ahhp-portal
Published May 02, 2007
Tracked Since Feb 18, 2026