CVE-2007-5600
Artmedic CMS < 3.4 - Remote Code Execution via Page Parameter URL Scheme Bypass
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-5600. PoCs published by iNs.
AI-analyzed exploit summary
The exploit demonstrates a Local File Inclusion (LFI) vulnerability in artmedic CMS by manipulating the 'page' parameter in the URL. It allows an attacker to include arbitrary local files on the server, potentially leading to information disclosure or further exploitation.
Description
Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs.
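The incomplete-blacklist pattern described above, next to an allowlist form, as an added example that is not Artmedic CMS source code. The function names, page map and sample inputs are hypothetical; the blocklist models only the behaviour the description states (http, https and ftp rejected).

```php
<?php
// Added illustration; not Artmedic CMS source. All names are hypothetical.

// Constructed model of the flawed check: reject only the three schemes
// the description says were blocked (http, https, ftp).
function blocklist_allows(string $page): bool
{
    return preg_match('#^(https?|ftp)://#i', $page) !== 1;
}

// Hardened form: the parameter never becomes a path. It is only a key
// into a fixed map of files shipped with the application.
const PAGES = [
    'home'    => 'pages/home.php',
    'contact' => 'pages/contact.php',
];

function allowlist_resolve(string $page): ?string
{
    return PAGES[$page] ?? null;
}

// Constructed sample inputs, one per input class named in the description.
$samples = [
    'http://example.invalid/x.txt',
    'ftps://example.invalid/x.txt',
    'ssh2.sftp://example.invalid/x.txt',
    'ssh2.scp://example.invalid/x.txt',
    '\\\\example.invalid\\share\\x.txt',   // UNC share pathname
    'home',
];

foreach ($samples as $s) {
    printf(
        "%-40s blocklist=%-6s allowlist=%s\n",
        $s,
        blocklist_allows($s) ? 'PASS' : 'reject',
        allowlist_resolve($s) ?? 'reject'
    );
}
```

The blocklist rejects only the http sample and passes every other line, while the allowlist resolves only `home` and rejects the rest regardless of scheme or path syntax.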