CVE-2004-2262

e107 < 0.617 - Remote Code Execution via ImageManager PHP File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2262. PoCs published by sysbug.

AI-analyzed exploit summary This exploit targets a file upload vulnerability in e107 CMS, allowing an attacker to upload a malicious PHP file (evil.php) via a multipart/form-data POST request. The uploaded file can then be accessed to execute arbitrary code by including a remote URL parameter.

Description

ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by sysbug · perlwebappsphp

https://www.exploit-db.com/exploits/704

View Code ZIP pw:eip

This exploit targets a file upload vulnerability in e107 CMS, allowing an attacker to upload a malicious PHP file (evil.php) via a multipart/form-data POST request. The uploaded file can then be accessed to execute arbitrary code by including a remote URL parameter.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: e107 CMS (version not specified, likely older versions)

No auth needed

Prerequisites: Target must have e107 CMS installed with vulnerable file upload functionality · Network access to the target web server

MITRE ATT&CK