CVE-2007-3831

IBM Proventia Network IPS GX5008 1.5 and GX5108 1.3 - Remote File Inclusion via main.php page Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3831. PoCs published by alt3kx.

AI-analyzed exploit summary This repository provides a technical writeup and references for CVE-2007-3831, a PHP remote file inclusion vulnerability in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5. It includes links to Exploit-DB entries, a research paper, and VUPEN advisory, but does not contain functional exploit code.

Description

PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Exploits (1)

nomisec WRITEUP
by alt3kx · poc
https://github.com/alt3kx/CVE-2007-3831

This repository provides a technical writeup and references for CVE-2007-3831, a PHP remote file inclusion vulnerability in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5. It includes links to Exploit-DB entries, a research paper, and VUPEN advisory, but does not contain functional exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5
No auth needed
Prerequisites: Network access to the vulnerable application · Ability to host a malicious PHP file on a remote server
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources x_refsource_misc
http://www.sybsecurity.com/hack-proventia-1.pdf
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25979
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2545
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36474

Scores

EPSS 0.0493
EPSS Percentile 91.0%

Details

Status published
Products (2)
ibm/proventia_network_ips_gx5008 1.5
ibm/proventia_network_ips_gx5108 1.3
Published Jul 17, 2007
Tracked Since Feb 18, 2026