CVE-2005-0272

ReviewPost PHP Pro < 2.84 - Unauthenticated Arbitrary File Upload via Multiple Extensions Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0272.

AI-analyzed exploit summary: This advisory details multiple vulnerabilities in ReviewPost <= 2.84, including XSS, SQL injection, and arbitrary file upload. It provides specific exploit paths and technical context but does not include functional exploit code.

Description

ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions.

Exploits (1)

exploitdb WRITEUP
webapps / php
https://www.exploit-db.com/exploits/43821


Classification: Writeup 90%
Attack Type: XSS | SQLi | Other
Complexity: Moderate
Reliability: Theoretical
Target: ReviewPost <= 2.84
No auth needed
Prerequisites: Access to vulnerable ReviewPost instance
Analyzed Feb 19, 2026 by devstral-2

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18735
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/13697/
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110485682424110&w=2

Scores

EPSS 0.0266
EPSS Percentile 83.7%

Details

Status published
Products (3)
photopost/reviewpost_php_pro 1.0.2
photopost/reviewpost_php_pro 2.5
photopost/reviewpost_php_pro < 2.5.1
Published May 02, 2005
Tracked Since Feb 18, 2026