CVE-2007-4978
phpsyncml < 0.1.2 - Remote Code Execution via base_dir Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-4978. PoCs published by S.W.A.T..
AI-analyzed exploit summary This is a writeup describing a Remote File Include (RFI) vulnerability in phpsyncml <= 0.1.2. It provides exploitation paths but does not include functional exploit code.
Description
Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) Decoder.php and (2) Encoder.php in WBXML/.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by S.W.A.T. · textwebappsphp
https://www.exploit-db.com/exploits/4421
This is a writeup describing a Remote File Include (RFI) vulnerability in phpsyncml <= 0.1.2. It provides exploitation paths but does not include functional exploit code.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target:
phpsyncml <= 0.1.2
No auth needed
Prerequisites:
target application with vulnerable version · ability to reach the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25701
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38260
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38261
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36665
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/4421
Scores
EPSS
0.0276
EPSS Percentile
84.3%
Details
CWE
CWE-94
Status
published
Products (1)
phpsyncml/phpsyncml
< 0.1.2
Published
Sep 19, 2007
Tracked Since
Feb 18, 2026