CVE-2007-5440

CRS Manager - Remote File Inclusion via DOCUMENT_ROOT Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5440. PoCs published by iNs.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in CRS Manager, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URLs demonstrate potential exploitation vectors but lack executable code.

Description

Multiple PHP remote file inclusion vulnerabilities in CRS Manager allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) index.php or (2) login.php. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an attacker

Exploits (1)

exploitdb WRITEUP VERIFIED
by iNs · textwebappsphp
https://www.exploit-db.com/exploits/30658

The provided text describes a remote file inclusion vulnerability in CRS Manager, where insufficient sanitization of user-supplied data allows arbitrary file inclusion. The example URLs demonstrate potential exploitation vectors but lack executable code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: CRS Manager (version unspecified)
No auth needed
Prerequisites: Network access to the target application · CRS Manager with vulnerable configuration
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/43486
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482006/100/0/threaded
Various Sources x_refsource_misc
http://securityvulns.com/source26994.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3216
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26034

Scores

EPSS 0.0322
EPSS Percentile 86.6%

Details

CWE
CWE-20
Status published
Products (1)
crs_manager/crs_manager
Published Oct 14, 2007
Tracked Since Feb 18, 2026