CVE-2007-0972
Jupiter CMS 1.1.5 - Unauthenticated Arbitrary File Upload via Emoticons Module
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-0972. PoCs published by DarkFig.
AI-analyzed exploit summary
This exploit targets a file upload vulnerability in Jupiter CMS 1.1.5, allowing an attacker to upload a malicious PHP file by bypassing file type restrictions. The PoC uses a custom `phpsploit` class to craft a multipart/form-data request and retrieve the uploaded file.
Description
Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type and to omit the is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875.