cbcvebase.
CVE-2007-4712
published 2007-09-05

CVE-2007-4712: PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

PriorityP353high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
57.94%
99.0th percentile
PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
enetmanenetman

Detection & IOCsextracted from sources · hover to see the quote

pathsenetman/html/index.php
urlindex.php?page=
  • Monitor HTTP requests to index.php containing a URL-like value in the 'page' parameter, which is the RFI injection point for CVE-2007-4712.
  • The exploit targets the path senetman/html/index.php with the 'page' query parameter; alert on GET/POST requests matching this path pattern with external URLs as parameter values.
  • ·The exploit targets eNetman version 20050830 (also referenced as version 1); only installations of this specific version are vulnerable.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.