CVE-2007-4551

Agares Media Arcadem 2.01 - Remote Code Execution via Loadpage Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-4551. PoCs published by SmOk3, sm0k3.

AI-analyzed exploit summary The document describes Remote File Inclusion (RFI) and SQL Injection vulnerabilities in Arcadem 2.01. It provides proof-of-concept examples for both vulnerabilities, including URL manipulation for RFI and SQL injection via the 'cat' parameter.

Description

PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED

by SmOk3 · textwebappsphp

https://www.exploit-db.com/exploits/4326

View Code ZIP pw:eip

The document describes Remote File Inclusion (RFI) and SQL Injection vulnerabilities in Arcadem 2.01. It provides proof-of-concept examples for both vulnerabilities, including URL manipulation for RFI and SQL injection via the 'cat' parameter.

Classification

Writeup 90%

Attack Type

Sqli | Rce

Complexity

Trivial

Reliability

Reliable

Target: Arcadem 2.01

No auth needed

Prerequisites: Access to the target web application · PHP allow_url_fopen enabled for RFI

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by sm0k3 · textwebappsphp

https://www.exploit-db.com/exploits/30525

View Code ZIP pw:eip

The provided text describes a remote file-include vulnerability in Arcadem 2.01 due to insufficient sanitization of user-supplied data. It lacks executable exploit code but outlines the vulnerability and potential impact.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Arcadem 2.01

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources x_refsource_confirm

http://forums.agaresmedia.com/viewtopic.php?f=13&t=19

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/36856

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25432

Various Sources x_refsource_misc

http://14house.blogspot.com/2007/08/arcadem-rfi-sql-injection-flaws.html

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26574

Scores

EPSS 0.0301

EPSS Percentile 85.7%

Details

CWE

CWE-94

Status published

Products (1)

agares_media/arcadem 2.0.1

Published Aug 28, 2007

Tracked Since Feb 18, 2026