Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-5914. PoCs published by DarkFig.
AI-analyzed exploit summary: This exploit targets JBC Explorer <= V7.20 RC 1, leveraging a remote code execution vulnerability by manipulating configuration files and injecting malicious PHP code. It establishes an interactive shell by exploiting improper input validation in the application.
Description
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913.