CVE-2007-3524
ripe_website_manager < 0.8.9 - Remote File Inclusion via Level Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-3524. PoCs published by BlackNDoor.
AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in Ripe Website Manager <= v0.8.9. The vulnerability arises from unsanitized user input in the 'level' parameter, allowing remote inclusion of arbitrary files.
Description
Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php.
Exploits (1)
This exploit demonstrates a Remote File Include (RFI) vulnerability in Ripe Website Manager <= v0.8.9. The vulnerability arises from unsanitized user input in the 'level' parameter, allowing remote inclusion of arbitrary files.