CVE-2005-2733

Simple PHP Blog - RCE

Title source: llm

Description

upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/16883

View Code ZIP pw:eip

exploitdb WORKING POC

perlwebappsphp

https://www.exploit-db.com/exploits/1191

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/sphpblog_file_upload.rb

View Code ZIP pw:eip

References (4)

[Mailing List] http://marc.info/?l=bugtraq&m=112511159821143&w=2

[Vendor Advisory] http://secunia.com/advisories/16598/

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/22012

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/14667

Scores

EPSS 0.7994

EPSS Percentile 99.1%

Details

Status published

Products (1)

alexander_palmo/simple_php_blog 0.4.0

Published Aug 30, 2005

Tracked Since Feb 18, 2026