cbcvebase.
CVE-2007-4279
published 2007-08-09


Priority: P2 (60, high)
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Flags: EXPLOIT
EPSS: 75.31% (99.5th percentile)
PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.

Affected (3 ranges)

Vendor           Product          Version range   Fixed in
frontaccounting  frontaccounting  -               -
frontaccounting  frontaccounting  -               -
frontaccounting  frontaccounting  -               -

Detection & IOCs (extracted from sources)

  url:   http://site.com/path/config.php?path_to_root=[[Sh3LLScript]]
  path:  /config.php
  other: path_to_root parameter in config.php
  • The vulnerable include is triggered via path_to_root being passed to include_once() in config.php, loading an attacker-controlled language.php from a remote URL.
  • A search engine dork can be used to identify exposed FrontAccounting installations; monitor for dork-based scanning activity.
  • CVE-2007-4279 specifically covers the config.php path_to_root RFI vector in FrontAccounting 1.12; related vectors in access/logout.php and subdirectories are tracked under CVE-2007-5148.
  • The RFI is only exploitable if PHP's allow_url_include (or allow_url_fopen for older PHP) is enabled on the target server, as path_to_root must resolve to a remote URL.
  • For files other than config.php, the vulnerability is disputed because path_to_root is defined before use; only the config.php vector is confirmed for CVE-2007-4279.