cbcvebase.
CVE-2007-2676
published 2007-05-14

CVE-2007-2676: PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a…

PriorityP357high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
69.95%
99.3th percentile
PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
open_translation_engineopen_translation_engine

Detection & IOCsextracted from sources · hover to see the quote

pathskins/header.php
command[Path]/skins/header.php?ote_home=Shell
  • Detect HTTP requests targeting skins/header.php with a URL-like value in the ote_home query parameter, indicative of remote file inclusion exploitation.
  • The vulnerable parameter is 'ote_home' in skins/header.php; monitor for external URLs or shell paths passed to this parameter.
  • ·Exploitation requires the PHP 'allow_url_include' (or 'allow_url_fopen') directive to be enabled on the target server for remote file inclusion to succeed.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.