CVE-2007-1412

PHP - Information Disclosure via cpdf_open Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1412. PoCs published by rgod.

AI-analyzed exploit summary This exploit demonstrates a source code disclosure vulnerability in PHP 4.4.6 via the cpdf_open() function. By passing a long string as an argument, it triggers an error that leaks source code, including sensitive information like passwords.

Description

The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phplocalmultiple

https://www.exploit-db.com/exploits/3442

View Code ZIP pw:eip

This exploit demonstrates a source code disclosure vulnerability in PHP 4.4.6 via the cpdf_open() function. By passing a long string as an argument, it triggers an error that leaks source code, including sensitive information like passwords.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: PHP 4.4.6 with cpdf extension

No auth needed

Prerequisites: cpdf extension loaded in PHP 4.4.6

MITRE ATT&CK

T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/22897

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/32986

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/3442

Scores

EPSS 0.0584

EPSS Percentile 92.2%

Details

Status published

Products (1)

php/php 4.4.6

Published Mar 12, 2007

Tracked Since Feb 18, 2026