CVE-2007-5693

SiteBar 3.3.8 - Authenticated PHP Code Injection via Translation Module

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5693. PoCs published by Robert Buchholz.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in SiteBar's translator.php by manipulating the 'lang' parameter to execute arbitrary system commands. The PoC shows how an attacker can inject a command like 'uname -a' via the URL.

Description

Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Robert Buchholz · textwebappsphp

https://www.exploit-db.com/exploits/30683

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in SiteBar's translator.php by manipulating the 'lang' parameter to execute arbitrary system commands. The PoC shows how an attacker can inject a command like 'uname -a' via the URL.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SiteBar 3.3.8 and prior versions

No auth needed

Prerequisites: Access to the translator.php endpoint

MITRE ATT&CK