CVE-2007-3315

EIP tracks 1 public exploit for CVE-2007-3315. PoCs published by Crackers_Child.

AI-analyzed exploit summary The exploit demonstrates a remote file inclusion vulnerability in YourFreeScreamer 1.0 due to improper input validation in the 'serverPath' parameter in bodyTemplate.php. An attacker can include arbitrary remote files by manipulating the parameter, potentially leading to remote code execution.

Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter to bodyTemplate.php in (1) templates/Classic/, (2) templates/Classic Guestbook/, (3) templates/DarkNights/, and (4) templates/Simplistic/, different vectors than CVE-2007-3271. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.