CVE-2007-2677

phpChess Community Edition 2.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2677. PoCs published by GoLd_M.

AI-analyzed exploit summary This is a writeup describing multiple remote file inclusion vulnerabilities in phpChess Community Edition 2.0. It provides exploit paths but does not include functional exploit code.

Description

Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/3837

View Code ZIP pw:eip

This is a writeup describing multiple remote file inclusion vulnerabilities in phpChess Community Edition 2.0. It provides exploit paths but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: phpChess Community Edition 2.0

No auth needed

Prerequisites: remote file inclusion vulnerability in the target software · ability to host a malicious file on a remote server

MITRE ATT&CK