CVE-2007-6550

PMOS Help Desk <2.4 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6550. PoCs published by EgiX.

AI-analyzed exploit summary This exploit leverages a PHP code injection vulnerability in PMOS Help Desk <= 2.4 by injecting malicious PHP code into the 'header' field of the 'options' table via form.php, which is then executed by an eval() function in index.php.

Description

form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by EgiX · phpwebappsphp

https://www.exploit-db.com/exploits/4789

View Code ZIP pw:eip

This exploit leverages a PHP code injection vulnerability in PMOS Help Desk <= 2.4 by injecting malicious PHP code into the 'header' field of the 'options' table via form.php, which is then executed by an eval() function in index.php.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PMOS Help Desk <= 2.4

Auth required

Prerequisites: Access to the form.php endpoint · Valid session with administrative privileges

MITRE ATT&CK