CVE-2007-1552

Metaforum - Unrestricted File Upload

Title source: rule

Description

Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension such as .php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gu1ll4um3r0m41n · phpwebappsphp

https://www.exploit-db.com/exploits/3516

View Code ZIP pw:eip

References (7)

[Exploit] http://www.aeroxteam.fr/exploit-MetaForum-0.513b.txt

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33097

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/463178/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23032

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3516

[Third Party Advisory, VDB Entry] http://osvdb.org/34523

[Third Party Advisory] http://securityreason.com/securityalert/2454

Scores

EPSS 0.1827

EPSS Percentile 95.2%

Details

Status published

Products (1)

metaforum/metaforum 0.513_beta

Published Mar 20, 2007

Tracked Since Feb 18, 2026