CVE-2007-1697
published 2007-03-27


Priority P261 | critical | 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 73.00% (99.4th percentile)
PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter.

Affected

1 range

Vendor | Product | Version range | Fixed in
philex | philex  | <= 0.2.3      |

Detection & IOCs (extracted from sources)

path: /header.inc.php
path: /download.php
path: conf.inc.php
  • Monitor HTTP requests to header.inc.php containing a URL or remote shell path in the 'CssFile' GET parameter, indicating remote file inclusion exploitation.
  • The RFI vulnerability affects Philex 0.2.3 and earlier; the vulnerable parameter is 'CssFile' in header.inc.php. Detection rules should scope to this specific application path and parameter name.
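
The monitoring described above, as an added example that is not part of the original entry or of any published rule: it scans web-server access-log lines for requests to header.inc.php whose CssFile parameter decodes to a URL. The combined log format, the /philex/ install path, the sample lines and the function name are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access-log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that begins with a URL scheme, e.g. "http://" or "ftp://".
URL_RE = re.compile(r'^\s*[a-z][a-z0-9+.-]*://', re.IGNORECASE)

# Constructed sample lines; /philex/ is an assumed install directory.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Mar/2007:10:00:01 +0000] '
    '"GET /philex/header.inc.php?CssFile=style/default.css HTTP/1.1" 200 512',
    '192.0.2.44 - - [27/Mar/2007:10:00:07 +0000] '
    '"GET /philex/header.inc.php?CssFile=http://example.invalid/s.txt HTTP/1.1" 200 90',
    '192.0.2.44 - - [27/Mar/2007:10:00:09 +0000] "GET /philex/header.inc.php'
    '?x=1&CssFile=http%253A%252F%252Fexample.invalid%252Fs.txt HTTP/1.1" 200 90',
    '192.0.2.51 - - [27/Mar/2007:10:00:12 +0000] '
    '"GET /philex/download.php?file=http://example.invalid/a HTTP/1.1" 404 0',
]

def cssfile_rfi_hits(lines):
    """Return (line_number, decoded CssFile value) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        target = urlsplit(match.group(1))
        # Scope to the affected script only, as the guidance above recommends.
        if not unquote(target.path).lower().endswith("/header.inc.php"):
            continue
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            # parse_qsl decodes once; decode again so double encoding is seen.
            value = unquote(value)
            # PHP parameter names are case-sensitive, so match "CssFile" exactly.
            if name == "CssFile" and URL_RE.match(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in cssfile_rfi_hits(SAMPLE_LOG):
        print(f"line {number}: CssFile -> {value}")
```

The benign stylesheet request on line 1 and the download.php request on line 4 are not reported, which keeps the rule scoped to the affected path and parameter.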