cbcvebase.
CVE-2007-3325
published 2007-06-21

CVE-2007-3325: PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP…

PriorityP356high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
64.36%
99.1th percentile
PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.

Affected

1 ranges
VendorProductVersion rangeFixed in
lmslan_management_system<= 1.6.9

Detection & IOCsextracted from sources · hover to see the quote

path/lib/language.php
urlhttp://www.lms.org.pl/download/1.9/lms-1.9.6.tar.gz
command?_LIB_DIR=[Evil_Script]?&cmd=
  • Detect HTTP requests targeting lib/language.php with a URL-based value in the _LIB_DIR parameter, indicating remote file inclusion exploitation attempt.
  • Look for GET requests to /lib/language.php containing _LIB_DIR= with an http:// or https:// value in the query string, as the exploit passes a remote shell URL directly in this parameter.
  • The exploit appends a cmd= parameter alongside _LIB_DIR= to pass OS commands to the included remote shell; monitor for both parameters appearing together in requests to language.php.
  • ·The vulnerable parameter _LIB_DIR must accept a full URL; ensure PHP's allow_url_include and allow_url_fopen are enabled on the target for exploitation to succeed — hardened configurations may not be exploitable.
  • ·This is a different attack vector from CVE-2007-1643 and CVE-2007-2205; detection rules for those CVEs will not cover this specific lib/language.php/_LIB_DIR vector.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.