CVE-2007-6324

CityWriter 0.9.7 - Remote Code Execution via Path Parameter in head.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6324. PoCs published by RoMaNcYxHaCkEr.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in CityWriter 0.9.7 via the 'path' parameter in head.php. The PoC shows how an attacker can include a remote shell (c99.txt) by manipulating the 'path' parameter.

Description

PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by RoMaNcYxHaCkEr · textwebappsphp
https://www.exploit-db.com/exploits/4726

This exploit demonstrates a Remote File Include (RFI) vulnerability in CityWriter 0.9.7 via the 'path' parameter in head.php. The PoC shows how an attacker can include a remote shell (c99.txt) by manipulating the 'path' parameter.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: CityWriter 0.9.7
No auth needed
Prerequisites: Remote shell or malicious file hosted on an accessible server · PHP allow_url_include enabled on the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4726
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39012
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28058
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26848

Scores

EPSS 0.0527
EPSS Percentile 91.5%

Details

CWE
CWE-94
Status published
Products (1)
city_writer/citywriter 0.9.7
Published Dec 13, 2007
Tracked Since Feb 18, 2026