CVE-2007-0049

Geckovich TaskTracker Pro <1.5 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0049. PoCs published by ajann.

AI-analyzed exploit summary This exploit is an HTML form that allows an attacker to add an admin user to TaskTracker by submitting a POST request to Customize.asp. It bypasses authentication by directly submitting user details with admin privileges.

Description

Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ajann · htmlwebappsasp
https://www.exploit-db.com/exploits/3068

This exploit is an HTML form that allows an attacker to add an admin user to TaskTracker by submitting a POST request to Customize.asp. It bypasses authentication by directly submitting user details with admin privileges.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: TaskTracker (all versions)
No auth needed
Prerequisites: Network access to the target application · Knowledge of the target path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/31682
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23564
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21847
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3068
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31235

Scores

EPSS 0.0242
EPSS Percentile 82.0%

Details

Status published
Products (2)
geckovich/tasktracker 1.4
geckovich/tasktracker_pro < 1.5
Published Jan 04, 2007
Tracked Since Feb 18, 2026