CVE-2007-2503

PHP Turbulence 0.0.1 alpha - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2503. PoCs published by Omni.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in PHP Turbulence due to insufficient sanitization of user-supplied input. An attacker can include a remote script via the 'GLOBALS[tcore]' parameter, leading to potential remote code execution.

Description

Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by Omni · textwebappsphp

https://www.exploit-db.com/exploits/29874

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in PHP Turbulence due to insufficient sanitization of user-supplied input. An attacker can include a remote script via the 'GLOBALS[tcore]' parameter, leading to potential remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHP Turbulence 0.0.1 alpha

No auth needed

Prerequisites: Remote script hosting · PHP Turbulence installation with vulnerable configuration

MITRE ATT&CK