CVE-2007-5784

CaupoShop Pro < 2.1 - Remote Code Execution via Index.php Action Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5784. PoCs published by mozi.

AI-analyzed exploit summary: This is a writeup describing a vulnerability in an unspecified PHP-based shopping cart application. It demonstrates an SSRF or file inclusion vulnerability via the 'action' parameter, allowing arbitrary file retrieval or command execution through URL manipulation.

Description

PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by mozi · text · webapps · php
https://www.exploit-db.com/exploits/4577


Classification: Writeup 80%
Attack Type: SSRF
Complexity: Trivial
Reliability: Theoretical
Target: Unspecified PHP shopping cart application
No auth needed
Prerequisites: Access to the vulnerable PHP application
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26239
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4577
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38122
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3643

Scores

EPSS 0.0207
EPSS Percentile 79.0%

Details

CWE CWE-94
Status published
Products (1)
caupo.net/cauposhop_pro < 2.1
Published Nov 01, 2007
Tracked Since Feb 18, 2026