CVE-2007-5298

Creamotion - Code Injection

Title source: rule

Description

Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by HACKERS PAL · phpwebappsphp
https://www.exploit-db.com/exploits/4491

References (8)

Scores

EPSS 0.0724
EPSS Percentile 91.6%

Details

CWE
CWE-94
Status published
Products (1)
creamotion/creamotion .
Published Oct 09, 2007
Tracked Since Feb 18, 2026