CVE-2007-5298

CMS Creamotion - Remote File Inclusion via cfg[document_uri] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5298. PoCs published by HACKERS PAL.

AI-analyzed exploit summary This exploit targets a remote file inclusion vulnerability in CMS Creamotion, allowing arbitrary command execution by injecting a malicious URL into the 'cfg[document_uri]' parameter. The script checks for a specific error message to confirm vulnerability before executing the provided command.

Description

Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by HACKERS PAL · phpwebappsphp

https://www.exploit-db.com/exploits/4491

View Code ZIP pw:eip

This exploit targets a remote file inclusion vulnerability in CMS Creamotion, allowing arbitrary command execution by injecting a malicious URL into the 'cfg[document_uri]' parameter. The script checks for a specific error message to confirm vulnerability before executing the provided command.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CMS Creamotion (version not specified)

No auth needed

Prerequisites: PHP CLI · Network access to the target · Target must have allow_url_fopen enabled

MITRE ATT&CK