Remote File Inclusion Vulnerability in Groupit by Groupit
CVE-2007-1472

Currently unrated

Key Information:

Status
Vendor
CVE Published:
16 March 2007

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2007-1472?

A variable overwrite vulnerability in Groupit 2.00b5 affects the groupit/base/groupit.start.inc file, enabling remote attackers to conduct remote file inclusion attacks. This can lead to the execution of arbitrary PHP code through manipulated arguments written to the $_GLOBALS variable. Exploits have been demonstrated using a URL that specifies multiple parameters, including c_basepath, to access multiple scripts such as content.php, userprofile.php, and others within the html/ directory. This poses a significant risk to users relying on this software, as it may allow unauthorized access and control over the server.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.