CVE-2007-1255

Connectix Boards <= 0.7 - Authenticated Arbitrary PHP Code Execution via GIF Smiley Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1255. PoCs published by DarkFig.

AI-analyzed exploit summary: This exploit targets Connectix Boards <= 0.7, leveraging SQL injection for privilege escalation and arbitrary file upload for remote code execution. It authenticates, injects malicious SQL to escalate privileges, and uploads a fake JPG containing PHP code to achieve RCE.

Description

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.

Exploits (1)

exploitdb WORKING POC VERIFIED
by DarkFig · php · webapps · php
https://www.exploit-db.com/exploits/3352

Classification
Working PoC 95%
Attack Type: RCE | SQLi | Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Connectix Boards <= 0.7
Auth required
Prerequisites: Valid user credentials · Access to the target application
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24255
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2364
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33538
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/460947/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3352

Scores

EPSS 0.0087
EPSS Percentile 53.9%

Details

Status published
Products (14)
connectix/connectix_boards 0.4
connectix/connectix_boards 0.4.1
connectix/connectix_boards 0.4.2
connectix/connectix_boards 0.4.3
connectix/connectix_boards 0.4.4
connectix/connectix_boards 0.5
connectix/connectix_boards 0.5.1
connectix/connectix_boards 0.5.2
connectix/connectix_boards 0.5.3
connectix/connectix_boards 0.5.4
... and 4 more
Published Mar 03, 2007
Tracked Since Feb 18, 2026