CVE-2007-4313

Php Blue Dragon CMS 3.0.0 - Remote File Inclusion via vsDragonRootPath Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4313. PoCs published by Kacper.

AI-analyzed exploit summary This is a writeup describing a Remote File Inclusion (RFI) vulnerability in Php Blue Dragon CMS 3.0.0. The vulnerability allows an attacker to include arbitrary remote files via the 'vsDragonRootPath' parameter in 'activecontent.php'.

Description

PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Kacper · textwebappsphp

https://www.exploit-db.com/exploits/4276

View Code ZIP pw:eip

This is a writeup describing a Remote File Inclusion (RFI) vulnerability in Php Blue Dragon CMS 3.0.0. The vulnerability allows an attacker to include arbitrary remote files via the 'vsDragonRootPath' parameter in 'activecontent.php'.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Php Blue Dragon CMS 3.0.0

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to reach the target URL

MITRE ATT&CK