CVE-2007-4235

VietPHP - Remote File Inclusion via dirpath or language Parameter

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-4235. PoCs published by master-of-desastor.

AI-analyzed exploit summary The provided text describes a remote file-include vulnerability in VietPHP due to insufficient sanitization of user-supplied data. It includes a sample exploit URL but lacks actual exploit code or detailed technical steps.

Description

Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php.

Exploits (3)

exploitdb WRITEUP VERIFIED
by master-of-desastor · textwebappsphp
https://www.exploit-db.com/exploits/30456

The provided text describes a remote file-include vulnerability in VietPHP due to insufficient sanitization of user-supplied data. It includes a sample exploit URL but lacks actual exploit code or detailed technical steps.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: VietPHP (version not specified)
No auth needed
Prerequisites: Access to the target URL · VietPHP installation with vulnerable configuration
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by master-of-desastor · textwebappsphp
https://www.exploit-db.com/exploits/30459

The provided text describes a remote file-include vulnerability in VietPHP due to insufficient sanitization of user-supplied data. It includes a basic example URL demonstrating the vulnerability but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: VietPHP (version not specified)
No auth needed
Prerequisites: Access to the target application URL
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by master-of-desastor · textwebappsphp
https://www.exploit-db.com/exploits/30457

The provided text describes a remote file-include vulnerability in VietPHP due to insufficient sanitization of user-supplied data. It includes a sample exploit URL but lacks actual exploit code or detailed technical steps.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: VietPHP (version not specified)
No auth needed
Prerequisites: Access to the target application · Ability to send crafted HTTP requests
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25226
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35846
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2983
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/475758/100/0/threaded

Scores

EPSS 0.0340
EPSS Percentile 87.4%

Details

Status published
Products (1)
vietphp/vietphp
Published Aug 08, 2007
Tracked Since Feb 18, 2026