CVE-2007-3220

Cjay Content Module for XOOPS - Remote File Inclusion via spaw_root Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3220. PoCs published by g00ns.

AI-analyzed exploit summary This is a writeup describing a remote file inclusion vulnerability in Cjay Content 3 WYSIWYG editor for XOOPS CMS. The vulnerability exists in the 'spaw_control.class.php' file due to improper input validation, allowing remote attackers to include arbitrary files.

Description

PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656.

Exploits (1)

exploitdb WRITEUP VERIFIED

by g00ns · textwebappsphp

https://www.exploit-db.com/exploits/4070

View Code ZIP pw:eip

This is a writeup describing a remote file inclusion vulnerability in Cjay Content 3 WYSIWYG editor for XOOPS CMS. The vulnerability exists in the 'spaw_control.class.php' file due to improper input validation, allowing remote attackers to include arbitrary files.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Cjay Content 3 WYSIWYG editor for XOOPS CMS

No auth needed

Prerequisites: Register globals must be ON · Magic Quotes must be OFF

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/2206

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/34856

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4070

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25665

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/36307

Scores

EPSS 0.6275

EPSS Percentile 99.1%

Details

Status published

Products (1)

xoops/cjay_content_module 3

Published Jun 14, 2007

Tracked Since Feb 18, 2026