PHP Remote File Inclusion Vulnerability in FrontAccounting by FrontAccounting
CVE-2007-4279

Currently unrated

Key Information:

Vendor: Frontaccounting
Status: Frontaccounting
Vendor: CVE Published:; 9 August 2007

🔔 Create Frontaccounting Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 75%

What is CVE-2007-4279?

A remote file inclusion vulnerability exists in the config.php file of FrontAccounting version 1.12 Build 31. This flaw allows attackers to exploit the 'path_to_root' parameter to execute arbitrary PHP code remotely. If successfully exploited, this vulnerability poses significant risks, enabling attackers to manipulate the application and potentially gain access to sensitive information or compromised systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2007-4279 - Proof of Concept

References

http://arfis.wordpress.com/2007/09/14/rfi-02-frontaccount...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/35873

vdb-entryx_refsource_XF

http://secunia.com/advisories/26350

third-party-advisoryx_refsource_SECUNIA

EPSS Score

75% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 9, 2007
👾
Exploit known to exist
Aug 9, 2007
Vulnerability published
Aug 9, 2007
Vulnerability Reserved
Aug 9, 2007

CVE-2007-4279 Data

JSON