CVE-2007-0900

TagIt! Tagboard <2.1.B Build 2 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 16 public exploits for CVE-2007-0900. PoCs published by K-159.

AI-analyzed exploit summary The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by manipulating the 'configpath' and 'adminpath' parameters in 'tag_process.php'. An attacker can include arbitrary remote files, potentially leading to remote code execution.

Description

Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249.

Exploits (16)

exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29579

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by manipulating the 'configpath' and 'adminpath' parameters in 'tag_process.php'. An attacker can include arbitrary remote files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Network access to the vulnerable application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29578

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard due to insufficient sanitization of user-supplied input in the 'configpath' and 'adminpath' parameters. An attacker can include and execute arbitrary remote files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Access to the vulnerable TagIt! TagBoard application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29593

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by injecting a malicious URL into the 'admin' parameter of wordfilter.php. This allows an attacker to include and execute arbitrary remote code due to insufficient input sanitization.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Network access to the target application · Ability to host malicious code on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29588

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by injecting a malicious URL into the 'configpath' parameter of verify.php. This allows an attacker to execute arbitrary code by including a remote file.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29592

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by manipulating the 'admin' parameter in updatefilter.php to include arbitrary remote files. This allows an attacker to execute malicious code on the target system.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29591

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by manipulating the 'admin' parameter in updateconf.php to include arbitrary remote files. This allows an attacker to execute malicious code on the target system.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to host a malicious file on an accessible server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29590

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by manipulating the 'admin' parameter in readconf.php to include arbitrary remote files. This allows an attacker to execute malicious code on the target system.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29587

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard due to insufficient sanitization of user-supplied data in the 'configpath' parameter. An attacker can include and execute arbitrary remote files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Access to the vulnerable endpoint · Remote file hosting location
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29589

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by manipulating the 'adminpath' parameter in the URL to include a remote file. This allows an attacker to execute arbitrary code on the target system.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior versions
No auth needed
Prerequisites: Access to the target URL · Remote file hosting location
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29585

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by manipulating the 'configpath' parameter in 'editTagmin.php' to include a remote file. This allows an attacker to execute arbitrary code on the target system.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Remote file hosting location · Network access to the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29586

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by manipulating the 'configpath' parameter in 'editTag.php' to include a remote file. This allows an attacker to execute arbitrary code on the target system.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Remote file hosting location
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29583

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by injecting a malicious URL into the 'configpath' parameter of 'delTagmin.php'. This allows an attacker to execute arbitrary code by including a remote file.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior versions
No auth needed
Prerequisites: Access to the target web application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29584

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by manipulating the 'configpath' parameter in 'delTag.php' to include a remote file. This allows an attacker to execute arbitrary code on the target system.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29582

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by injecting a malicious URL into the 'configpath' parameter of 'ban_watch.phpp'. This allows an attacker to execute arbitrary code by including a remote file.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior versions
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29581

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard by manipulating the 'configpath' parameter to include a remote file. This allows an attacker to execute arbitrary code on the target system.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by K-159 · textwebappsphp
https://www.exploit-db.com/exploits/29580

The exploit demonstrates a remote file inclusion vulnerability in TagIt! TagBoard due to insufficient sanitization of user-supplied data in the 'configpath' parameter. An attacker can include and execute arbitrary remote files, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: TagIt! TagBoard 2.1.b Build 2 and prior
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (20)

Core 20
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34618
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34614
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34616
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32436
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34607
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34609
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34611
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0557
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34613
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34610
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22518
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34608
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34605
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34606
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34615
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34603
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34612
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34617
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/34604

Scores

EPSS 0.1014
EPSS Percentile 95.1%

Details

Status published
Products (1)
tagit/tagboard < 2.1.b_build_2
Published Feb 13, 2007
Tracked Since Feb 18, 2026