CVE-2007-0871

eXtremePow - Code Injection

Title source: llm

Description

Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hamed bazargani · phpwebappsphp

https://www.exploit-db.com/exploits/29574

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/33181

[Exploit] http://www.securityfocus.com/bid/22498

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/32435

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/459562/100/0/threaded

[Third Party Advisory] http://secunia.com/advisories/24088

[Third Party Advisory] http://securityreason.com/securityalert/2231

Scores

EPSS 0.0476

EPSS Percentile 89.5%

Details

Status published

Products (1)

extremepow/extreme_file_hosting

Published Feb 12, 2007

Tracked Since Feb 18, 2026