Remote File Inclusion Vulnerabilities in Charray's CMS by Charray
CVE-2007-6179

Currently unrated

Key Information:

Status
Vendor
CVE Published:
30 November 2007

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2007-6179?

Charray's CMS version 0.9.3 contains multiple PHP remote file inclusion vulnerabilities that permit remote attackers to execute arbitrary PHP code. This is achieved by exploiting the ccms_library_path parameter in key files such as markdown.php and gallery.php in the decoder module. Attackers can manipulate the URL inputs to inject malicious code, potentially compromising the security of the web application.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.