CVE-2007-2969
Published 2007-06-01
Priority P2 · 59 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 61.73% (99.1th percentile)
PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wanewsletter | wanewsletter | <= 2.1.3 | — |
Detection & IOCs
- Monitor HTTP requests targeting newsletter.php with a URL-like or remote path value in the 'waroot' GET parameter, indicating a remote file inclusion attempt.
- The vulnerable code sink is a require_once() call using the unsanitized waroot parameter; look for waroot values containing 'http://' or 'https://' in web server logs.
- The exploit payload appends 'start.php' to the attacker-supplied waroot value, so the remote shell URL must be crafted to account for this suffix (e.g., using a null byte or query string terminator).
No detection rules found.
No writeups or analysis indexed.