CVE-2005-0272

ReviewPost PHP Pro <2.84 - RCE

Title source: llm

Description

ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/43821

View Code ZIP pw:eip

References (4)

[Mailing List] http://marc.info/?l=bugtraq&m=110485682424110&w=2

[Patch, Vendor Advisory] http://secunia.com/advisories/13697/

[Various Sources] http://www.gulftech.org/?node=research&article_id=00062-01022005

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18735

Scores

EPSS 0.0348

EPSS Percentile 87.6%

Details

Status published

Products (3)

photopost/reviewpost_php_pro 1.0.2

photopost/reviewpost_php_pro 2.5

photopost/reviewpost_php_pro < 2.5.1

Published May 02, 2005

Tracked Since Feb 18, 2026