CVE-2007-3813
published 2007-07-17CVE-2007-3813: PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a…
PriorityP343medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
59.45%
99.0th percentile
PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mkportal | noboard_module | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests targeting mkportal/include/user.php with a URL-like value in the MK_PATH parameter, which indicates remote file inclusion exploitation. ↗
- →Use the dork '"MK noboard"' to identify exposed MKPortal NoBoard installations potentially vulnerable to this RFI. ↗
- ·The MK_PATH parameter must not be user-controllable; ensure PHP's allow_url_include and allow_url_fopen are disabled to mitigate RFI exploitation. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2007-07-17
Published