CVE-2007-0369

phpbp RC3 (2.204) and earlier - SQL Injection via Comment Forum

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0369. PoCs published by Kacper.

AI-analyzed exploit summary This exploit targets a file upload vulnerability in phpBP <= RC3 (2.204), allowing remote code execution by uploading a malicious PHP file disguised as an image. It requires an admin session and demonstrates the vulnerability by executing arbitrary commands via a custom HTTP header.

Description

SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/3153

View Code ZIP pw:eip

This exploit targets a file upload vulnerability in phpBP <= RC3 (2.204), allowing remote code execution by uploading a malicious PHP file disguised as an image. It requires an admin session and demonstrates the vulnerability by executing arbitrary commands via a custom HTTP header.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: phpBP <= RC3 (2.204)

Auth required

Prerequisites: Admin session ID · Access to the admin panel

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/3153

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/31622

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/34763

Scores

EPSS 0.0103

EPSS Percentile 59.1%

Details

Status published

Products (1)

phpbp/phpbp rc3_2.204

Published Jan 19, 2007

Tracked Since Feb 18, 2026