CVE-2007-4320
Published 2007-08-14
Priority P2 · 58 · high · 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 72.02% (99.4th percentile)
PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ncaster | ncaster | — | — |
Detection & IOCs (extracted from sources)
- Remote File Inclusion via the 'adminfolder' GET parameter in archive.php; monitor HTTP requests containing a URL (http/https) in the adminfolder parameter targeting admin/addons/archive/archive.php
- The vulnerable code passes the adminfolder parameter directly into a require() call; look for require() of a remote URL pattern in PHP logs or WAF alerts on this endpoint
- Exploitation requires PHP's allow_url_include (and allow_url_fopen) to be enabled on the target server; environments with these directives disabled are not exploitable via this RFI vector
No detection rules found.
No writeups or analysis indexed.
References
- http://osvdb.org/36426
- http://secunia.com/advisories/26383
- http://www.securityfocus.com/bid/25248
- http://www.vupen.com/english/advisories/2007/2833
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35908
- https://www.exploit-db.com/exploits/4273