CVE-2007-5802

Firewolf Technologies Synergiser <1.2 RC1 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-5802. PoCs published by KiNgOfThEwOrLd.

AI-analyzed exploit summary This is a writeup detailing Local File Inclusion (LFI) and Full Path Disclosure vulnerabilities in Synergiser CMS <= 1.2 RC1. It explains how to exploit the 'page' parameter for directory traversal and path disclosure via function redeclaration errors.

Description

Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration.

Exploits (2)

exploitdb WRITEUP VERIFIED
by KiNgOfThEwOrLd · textwebappsphp
https://www.exploit-db.com/exploits/4595

This is a writeup detailing Local File Inclusion (LFI) and Full Path Disclosure vulnerabilities in Synergiser CMS <= 1.2 RC1. It explains how to exploit the 'page' parameter for directory traversal and path disclosure via function redeclaration errors.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Synergiser CMS <= 1.2 RC1
No auth needed
Prerequisites: access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by KiNgOfThEwOrLd · textwebappsphp
https://www.exploit-db.com/exploits/30731

The exploit describes a local file inclusion (LFI) vulnerability in Synergiser 1.2 RC1 due to improper input sanitization. It allows unauthorized file access via path traversal in the 'page' parameter.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Synergiser 1.2 RC1
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3335
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27466
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38217
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38218
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26289
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3745
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/483099/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38371

Scores

EPSS 0.0392
EPSS Percentile 89.0%

Details

CWE
CWE-22
Status published
Products (1)
firewolf_technologies/synergiser < 1.2_rc1
Published Nov 03, 2007
Tracked Since Feb 18, 2026