CVE-2007-6347

ViArt CMS/HelpDesk/Shop Evaluation/Shop Free <3.3.2 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6347. PoCs published by RoMaNcYxHaCkEr.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in ViArt CMS 3.3.2 by manipulating the 'root_folder_path' parameter to include a remote shell. The vulnerability arises from insecure file inclusion in the 'block_site_map.php' file.

Description

PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RoMaNcYxHaCkEr · textwebappsphp

https://www.exploit-db.com/exploits/4722

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in ViArt CMS 3.3.2 by manipulating the 'root_folder_path' parameter to include a remote shell. The vulnerability arises from insecure file inclusion in the 'block_site_map.php' file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ViArt CMS 3.3.2

No auth needed

Prerequisites: Remote shell accessible via URL · PHP allow_url_include enabled

MITRE ATT&CK