PHP Remote File Inclusion Vulnerability in Jshop Server by Jshop
CVE-2007-0232

Currently unrated

Key Information:

Vendor: Jshop E-commerce
Status: Jshop Server
Vendor: CVE Published:; 13 January 2007

🔔 Create Jshop E-commerce Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 10%

What is CVE-2007-0232?

The remote file inclusion vulnerability in Jshop Server 1.3 is due to inadequate validation of user-supplied input within the routines/fieldValidation.php file. This flaw enables remote attackers to include and execute arbitrary PHP code by passing a specially crafted URL through the 'jssShopFileSystem' parameter. If exploited, this can lead to significant breaches of server integrity and unauthorized access to sensitive data.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2007-0232 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/31425

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/456591/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/21995

vdb-entryx_refsource_BID

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 13, 2007
👾
Exploit known to exist
Jan 13, 2007
Vulnerability published
Jan 13, 2007
Vulnerability Reserved
Jan 12, 2007

CVE-2007-0232 Data

JSON