CVE-2007-4008

Entertainment Media Sharing CMS - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4008. PoCs published by Kw3[R]Ln.

AI-analyzed exploit summary This exploit leverages a Local File Inclusion (LFI) vulnerability in Entertainment CMS to inject PHP code into Apache log files, enabling remote command execution via a crafted HTTP request. The exploit requires `magic_quotes_gpc` to be off and relies on log poisoning to achieve RCE.

Description

Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kw3[R]Ln · perlwebappsphp

https://www.exploit-db.com/exploits/4220

View Code ZIP pw:eip

This exploit leverages a Local File Inclusion (LFI) vulnerability in Entertainment CMS to inject PHP code into Apache log files, enabling remote command execution via a crafted HTTP request. The exploit requires `magic_quotes_gpc` to be off and relies on log poisoning to achieve RCE.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Entertainment CMS (version not specified)

No auth needed

Prerequisites: magic_quotes_gpc = off · Apache log file write permissions · LFI vulnerability in custom.php

MITRE ATT&CK