CVE-2007-6232

FTP Admin 0.1.0 - Cross-Site Scripting via Error Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-6232. PoCs published by ShAy6oOoN, Omni.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in tellmatic 1.0.7. It provides multiple URLs that can be used to include arbitrary remote files via the `tm_includepath` parameter, leading to potential remote code execution.

Description

Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.

Exploits (2)

exploitdb WORKING POC VERIFIED

by ShAy6oOoN · textwebappsphp

https://www.exploit-db.com/exploits/4684

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in tellmatic 1.0.7. It provides multiple URLs that can be used to include arbitrary remote files via the `tm_includepath` parameter, leading to potential remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: tellmatic 1.0.7

No auth needed

Prerequisites: register_globals must be enabled on the target server

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Omni · textwebappsphp

https://www.exploit-db.com/exploits/4681

View Code ZIP pw:eip

The document describes multiple vulnerabilities in FTP Admin v0.1.0, including XSS, Local File Inclusion, and Admin Bypass. It provides PoC URLs but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: FTP Admin v0.1.0

No auth needed

Prerequisites: Access to the web interface · Register globals enabled for LFI

MITRE ATT&CK

T1059.007 - JavaScript T1006 - Direct Volume Access T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/38780

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4681

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27875

Scores

EPSS 0.0155

EPSS Percentile 71.9%

Details

CWE

CWE-79

Status published

Products (1)

ftp/admin 0.1.0

Published Dec 04, 2007

Tracked Since Feb 18, 2026