cbcvebase.
CVE-2007-1525
published 2007-03-20

CVE-2007-1525: Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat…

PriorityP356medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
36.97%
98.3th percentile
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.

Affected

1 ranges
VendorProductVersion rangeFixed in
dayfox_designsdayfox_blog
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.