CVE-2007-5178

mx_glance 2.3.3 - Remote Code Execution via mx_root_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5178. PoCs published by bd0rk.

AI-analyzed exploit summary This is a writeup describing a remote file include vulnerability in mxBB Module mx_glance 2.3.3. The vulnerability arises from the $mx_root_path parameter not being declared before being used in an include_once statement, allowing remote file inclusion via the mx_root_path parameter.

Description

contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by bd0rk · textwebappsphp

https://www.exploit-db.com/exploits/4470

View Code ZIP pw:eip

This is a writeup describing a remote file include vulnerability in mxBB Module mx_glance 2.3.3. The vulnerability arises from the $mx_root_path parameter not being declared before being used in an include_once statement, allowing remote file inclusion via the mx_root_path parameter.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: mxBB Module mx_glance 2.3.3

No auth needed

Prerequisites: Access to the vulnerable endpoint · Ability to host or reference a malicious file

MITRE ATT&CK