CVE-2007-1413

PHP < 5.2.3 - Buffer Overflow in SNMP Extension via snmpget Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-1413. PoCs published by Inphex, shinnai, rgod.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the SNMP extension for PHP. It uses a crafted SNMP request with a malicious payload to execute arbitrary shellcode, resulting in a bind shell on TCP port 4444.

Description

Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).

Exploits (3)

exploitdb WORKING POC VERIFIED
by Inphex · phplocalwindows
https://www.exploit-db.com/exploits/4274

This exploit targets a buffer overflow vulnerability in the SNMP extension for PHP. It uses a crafted SNMP request with a malicious payload to execute arbitrary shellcode, resulting in a bind shell on TCP port 4444.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PHP with SNMP extension (likely older versions)
No auth needed
Prerequisites: PHP with SNMP extension enabled · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by shinnai · phplocalwindows
https://www.exploit-db.com/exploits/4204

This exploit targets a buffer overflow vulnerability in PHP's snmpget() function (CVE-2007-1413) by overwriting the EIP register with a call to ESP, followed by NOP sleds and shellcode to execute calc.exe. It requires the SNMP extension to be loaded.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PHP <= 5.2.3
No auth needed
Prerequisites: SNMP extension enabled in PHP · Windows XP SP2 (as tested)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by rgod · phplocalwindows
https://www.exploit-db.com/exploits/3439

This exploit targets a buffer overflow vulnerability in PHP 4.4.6's snmpget() function. It uses a crafted object ID to overwrite the EIP and execute arbitrary shellcode, launching 'notepad' as a proof of concept.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: PHP 4.4.6 with SNMP extension
No auth needed
Prerequisites: SNMP extension loaded in PHP · PHP 4.4.6 on Windows XP SP2
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35517
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4204
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3439
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24440
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22893

Scores

EPSS 0.1109
EPSS Percentile 95.4%

Details

CWE
CWE-119
Status published
Products (2)
php/php 4.4.6
php/php < 5.2.3
Published Mar 12, 2007
Tracked Since Feb 18, 2026