CVE-2008-3207
Pragyan CMS 2.6.2 - Remote Code Execution via form.lib.php Parameter Injection
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-3207. PoCs published by N3TR00T3R.
AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Pragyan CMS 2.6.2 due to improper handling of user-supplied input in the 'sourceFolder' parameter. The exploit allows an attacker to include and execute arbitrary remote PHP code if 'register_globals' is enabled.
Description
PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter.
Exploits (1)
This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Pragyan CMS 2.6.2 due to improper handling of user-supplied input in the 'sourceFolder' parameter. The exploit allows an attacker to include and execute arbitrary remote PHP code if 'register_globals' is enabled.