CVE-2007-4552

Agares Media Arcadem 2.01 - SQL Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4552.

AI-analyzed exploit summary: The document describes Remote File Inclusion (RFI) and SQL Injection vulnerabilities in Arcadem 2.01. It provides proof-of-concept examples for both vulnerabilities, including URL-encoded payloads for SQLi and path traversal for RFI.

Description

SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary SQL commands via the blockpage parameter. NOTE: as of 20070827, the vendor has made conflicting statements regarding whether this issue exists or not.

Exploits (1)

exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/4326

Classification: Writeup 90%
Attack Type: SQLi | Other
Complexity: Trivial
Reliability: Reliable
Target: Arcadem 2.01
No auth needed
Prerequisites: Web server with vulnerable Arcadem 2.01 installation · PHP allow_url_fopen enabled for RFI
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/36857
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/25418
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/26574

Scores

EPSS: 0.0100
EPSS Percentile: 58.4%

Details

CWE: CWE-89
Status: published
Products (1): agares_media/arcadem 2.0.1
Published: Aug 28, 2007
Tracked Since: Feb 18, 2026