CVE-2007-1382

PHP COM Extensions - Remote Code Execution via WScript.Shell COM Object

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1382. PoCs published by anonymous.

AI-analyzed exploit summary This exploit bypasses PHP's safe_mode by leveraging the COM extension to execute arbitrary commands via WScript.Shell. It captures command output and displays it in the browser.

Description

The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · phplocalwindows

https://www.exploit-db.com/exploits/3429

View Code ZIP pw:eip

This exploit bypasses PHP's safe_mode by leveraging the COM extension to execute arbitrary commands via WScript.Shell. It captures command output and displays it in the browser.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHP with COM extension on Windows (versions with safe_mode vulnerable to this bypass)

No auth needed

Prerequisites: PHP with COM extension enabled · Windows OS · safe_mode enabled (vulnerable configuration)

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/3429

Scores

EPSS 0.0161

EPSS Percentile 72.8%

Details

Status published

Products (1)

php/com_extensions

Published Mar 10, 2007

Tracked Since Feb 18, 2026