CVE-2007-3217

Prototype of an PHP application 0.1 - RCE

Exploitation Summary

EIP tracks 12 public exploits for CVE-2007-3217. PoCs published by pito pito.

AI-analyzed exploit summary: The provided text describes a remote file inclusion vulnerability in 'Prototype of a PHP application' version 0.1, where unsanitized user input in the 'path_inc' parameter allows arbitrary remote file execution. The example URL demonstrates how an attacker could exploit this to include a malicious shell.

Description

Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the path_inc parameter to (1) index.php in gestion/; (2) identification.php, (3) disconnect.php, (4) loginliste.php, (5) loginmodif.php, (6) index.php, and (7) ident.inc.php in ident/; (8) menuadministration.php and (9) menuprincipal.php in menu/; (10) param.inc.php in param/; (11) index.php in plugins/phpgacl/; and (12) index.php and (13) common.inc.php.

Exploits (12)

exploitdb WRITEUP VERIFIED
by pito pito · text · webapps · php
https://www.exploit-db.com/exploits/30126

The provided text describes a remote file inclusion vulnerability in 'Prototype of a PHP application' version 0.1, where unsanitized user input in the 'path_inc' parameter allows arbitrary remote file execution. The example URL demonstrates how an attacker could exploit this to include a malicious shell.

Classification: Writeup 80%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Prototype of a PHP application 0.1
No auth needed
Prerequisites: Network access to the vulnerable application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by pito pito · text · webapps · php
https://www.exploit-db.com/exploits/30128

The provided text describes a remote file inclusion vulnerability in 'Prototype of a PHP application' version 0.1, where unsanitized user input in the 'path_inc' parameter allows arbitrary remote file execution. No actual exploit code is present, only a description and example URL.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Prototype of a PHP application 0.1
No auth needed
Prerequisites: Remote file hosting with malicious script · Target application with vulnerable parameter exposed
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by pito pito · text · webapps · php
https://www.exploit-db.com/exploits/30129

The provided text describes a remote file inclusion vulnerability in 'Prototype of a PHP application' version 0.1, where unsanitized user input to the 'path_inc' parameter in 'common.inc.php' allows arbitrary remote file execution. No actual exploit code is present, only a description and example URL.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Prototype of a PHP application 0.1
No auth needed
Prerequisites: Remote file inclusion must be enabled on the server · Attacker-controlled remote file with malicious code
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by pito pito · text · webapps · php
https://www.exploit-db.com/exploits/30127

The provided text describes a remote file inclusion vulnerability in 'Prototype of a PHP application' version 0.1, where unsanitized user input in the 'path_inc' parameter allows arbitrary remote file execution. The example URL demonstrates how an attacker could exploit this to include a malicious shell.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Prototype of a PHP application 0.1
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by pito pito · text · webapps · php
https://www.exploit-db.com/exploits/30125

The provided text describes a remote file inclusion vulnerability in 'Prototype of an PHP application' version 0.1, where unsanitized user input in the 'path_inc' parameter allows arbitrary remote file execution. The example URL demonstrates how an attacker could exploit this to include a malicious shell.

Classification: Writeup 80%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Prototype of an PHP application 0.1
No auth needed
Prerequisites: Access to the vulnerable application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by pito pito · text · webapps · php
https://www.exploit-db.com/exploits/30122

The provided text describes a remote file inclusion vulnerability in 'Prototype of an PHP application' version 0.1. It outlines how an attacker can exploit unsanitized input to execute arbitrary remote files, potentially compromising the system.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Prototype of an PHP application 0.1
No auth needed
Prerequisites: Access to the vulnerable application · Ability to craft a malicious URL with a remote file inclusion payload
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by pito pito · text · webapps · php
https://www.exploit-db.com/exploits/30121

The provided text describes a remote file inclusion vulnerability in 'Prototype of a PHP application' version 0.1, where unsanitized user input in the 'path_inc' parameter allows arbitrary remote file execution. The example URL demonstrates how an attacker could exploit this to include a malicious shell.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Prototype of a PHP application 0.1
No auth needed
Prerequisites: Remote file inclusion must be enabled on the server · Attacker must be able to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by pito pito · text · webapps · php
https://www.exploit-db.com/exploits/30123

The provided text describes a remote file inclusion vulnerability in 'Prototype of a PHP application' version 0.1, where unsanitized user input in the 'path_inc' parameter allows arbitrary remote file execution. The example URL demonstrates how an attacker could exploit this to include a malicious shell.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Prototype of a PHP application 0.1
No auth needed
Prerequisites: Network access to the vulnerable application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by pito pito · text · webapps · php
https://www.exploit-db.com/exploits/30119

The provided text describes a remote file inclusion vulnerability in 'Prototype of an PHP application' version 0.1, where unsanitized user input in the 'path_inc' parameter can lead to arbitrary remote file execution. No actual exploit code is included, only a description and example URL.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Prototype of an PHP application 0.1
No auth needed
Prerequisites: Remote file inclusion must be enabled on the server · Attacker must be able to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by pito pito · text · webapps · php
https://www.exploit-db.com/exploits/30124

The code describes a remote file inclusion vulnerability in 'Prototype of an PHP application' version 0.1, where unsanitized user input in the 'path_inc' parameter allows arbitrary file execution. The example URL demonstrates how an attacker could exploit this to include a remote shell.

Classification: Writeup 80%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Prototype of an PHP application 0.1
No auth needed
Prerequisites: Remote file inclusion must be enabled on the server · Attacker-controlled remote file with malicious code
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by pito pito · text · webapps · php
https://www.exploit-db.com/exploits/30120

The code describes a remote file inclusion vulnerability in 'Prototype of a PHP application' version 0.1, where unsanitized user input in the 'path_inc' parameter allows arbitrary remote file execution. The example URL demonstrates how an attacker could exploit this to include a malicious shell.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Prototype of a PHP application 0.1
No auth needed
Prerequisites: Network access to the vulnerable application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by pito pito · text · webapps · php
https://www.exploit-db.com/exploits/30118

The provided text describes a remote file inclusion vulnerability in 'Prototype of a PHP application' version 0.1, where unsanitized user input in the 'path_inc' parameter allows arbitrary remote file execution. The example URL demonstrates the vulnerability but does not include functional exploit code.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Prototype of a PHP application 0.1
No auth needed
Prerequisites: Remote file inclusion must be enabled on the server · Attacker-controlled remote file with malicious code
devstral-2 · analyzed Feb 16, 2026

References (17)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37158
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2812
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37155
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37161
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/470245/100/100/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24266
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34679
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37160
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37153
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37151
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37159
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37156
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37157
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37152
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37150
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37154
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37149

Scores

EPSS 0.1010
EPSS Percentile 95.0%

Details

Status published
Products (1)
prototype_of_an_php_application/prototype_of_an_php_application 0.1
Published Jun 14, 2007
Tracked Since Feb 18, 2026