CVE-2007-5780

teatro < 1.6 - Remote Code Execution via basePath Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5780. PoCs published by Alkomandoz Hacker.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in teatro 1.6 by manipulating the 'basePath' parameter in 'pub08_comments.php' to include an external file. The vulnerability allows an attacker to execute arbitrary code by including a malicious file.

Description

PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alkomandoz Hacker · textwebappsphp

https://www.exploit-db.com/exploits/4582

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in teatro 1.6 by manipulating the 'basePath' parameter in 'pub08_comments.php' to include an external file. The vulnerability allows an attacker to execute arbitrary code by including a malicious file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: teatro 1.6

No auth needed

Prerequisites: Access to the target web application · Ability to host a malicious file externally

MITRE ATT&CK