Eval Injection Vulnerability in ADOdb Lite Affecting Various CMS Products
CVE-2007-5056

Currently unrated

Key Information:

Vendor

Adodb Lite

Status
Adodb Lite
SAPid Cmf
Pacercms
Open-realty
Vendor
CVE Published:
24 September 2007

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 81%

What is CVE-2007-5056?

The eval injection vulnerability identified in ADOdb Lite version 1.42 and earlier allows attackers to execute arbitrary PHP code via manipulated input in the last_module parameter. This flaw is present in various content management systems, including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty. If exploited, it can lead to significant security breaches, providing unauthorized access and control over the affected systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2007-5056 - Proof of Concept

CVE-2007-5056 - Proof of Concept

CVE-2007-5056 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/40395
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/25768
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/40396
vdb-entryx_refsource_XF

EPSS Score

81% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.