cbcvebase.
CVE-2007-5099
published 2007-09-26

CVE-2007-5099: PHP remote file inclusion vulnerability in show.php in David Watters Helplink 0.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the file…

PriorityP353high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
52.96%
98.8th percentile
PHP remote file inclusion vulnerability in show.php in David Watters Helplink 0.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
david_wattershelplink

Detection & IOCsextracted from sources · hover to see the quote

url/show.php?file=
  • Monitor HTTP requests to show.php with a 'file' parameter containing a remote URL, indicating attempted PHP remote file inclusion exploitation.
  • Flag any GET/POST request targeting show.php where the 'file' parameter value begins with http:// or https://, as this is the attack vector for arbitrary PHP code execution.
  • ·Vulnerability is specific to Helplink version 0.1.0 only; other versions are not confirmed affected.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.