CVE-2008-7087

OpenPro 1.3.1 - Remote Code Execution via LIBPATH Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7087. PoCs published by Ghost Hacker.

AI-analyzed exploit summary The code describes a remote file inclusion vulnerability in OpenPro 1.3.1 due to insufficient sanitization of user-supplied data in the LIBPATH parameter. An attacker can exploit this to execute arbitrary PHP code in the context of the webserver process.

Description

PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ghost Hacker · textwebappsphp

https://www.exploit-db.com/exploits/32058

View Code ZIP pw:eip

The code describes a remote file inclusion vulnerability in OpenPro 1.3.1 due to insufficient sanitization of user-supplied data in the LIBPATH parameter. An attacker can exploit this to execute arbitrary PHP code in the context of the webserver process.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: OpenPro 1.3.1

No auth needed

Prerequisites: Access to the vulnerable endpoint · Ability to host or reference malicious PHP code

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/52898

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/30264

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/494426/100/0/threaded

Exploit vdb-entry x_refsource_osvdb

http://osvdb.org/51466

Scores

EPSS 0.0230

EPSS Percentile 81.1%

Details

CWE

CWE-94

Status published

Products (1)

openpro/openpro 1.3.1

Published Aug 26, 2009

Tracked Since Feb 18, 2026