CVE-2007-6632

xml2owl 0.1.1 - Remote Code Execution via showCode.php Path Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6632. PoCs published by MhZ91.

AI-analyzed exploit summary: This exploit demonstrates a remote command execution vulnerability in xml2owl-0.1.1 via the 'path' parameter in showCode.php, which is passed to shell_exec without proper sanitization. The PoC shows how an attacker can inject arbitrary commands through the URL.

Description

showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by MhZ91 · text · webapps · php
https://www.exploit-db.com/exploits/4800

Classification
Working PoC: 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: xml2owl-0.1.1
No auth needed
Prerequisites: Target must have xml2owl-0.1.1 installed and accessible · The vulnerable showCode.php file must be reachable
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39327
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4800
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27050
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/39880

Scores

EPSS: 0.0247
EPSS Percentile: 82.4%

Details

CWE: CWE-94
Status: published
Products (1): xml2owl/xml2owl 0.1.1
Published: Jan 04, 2008
Tracked Since: Feb 18, 2026