Remote File Inclusion Vulnerabilities in Charray's CMS by Charray
CVE-2007-6179
Currently unrated
Key Information:
- Vendor
Kinson Chan Charray
- Status
- Vendor
- CVE Published:
- 30 November 2007
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2007-6179?
Charray's CMS version 0.9.3 contains multiple PHP remote file inclusion vulnerabilities that permit remote attackers to execute arbitrary PHP code. This is achieved by exploiting the ccms_library_path parameter in key files such as markdown.php and gallery.php in the decoder module. Attackers can manipulate the URL inputs to inject malicious code, potentially compromising the security of the web application.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
