CVE-2007-2141

ShoutPro < 1.5.2 - Remote Code Execution via Shout Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2141. PoCs published by Gammarays.

AI-analyzed exploit summary This exploit targets a PHP code injection vulnerability in ShoutPro 1.5.2 by writing arbitrary PHP code to the shouts.php file. It deploys a temporary payload to write a file and a main payload to execute commands, then cleans up by removing the temporary file.

Description

Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gammarays · phpwebappsphp

https://www.exploit-db.com/exploits/3758

View Code ZIP pw:eip

This exploit targets a PHP code injection vulnerability in ShoutPro 1.5.2 by writing arbitrary PHP code to the shouts.php file. It deploys a temporary payload to write a file and a main payload to execute commands, then cleans up by removing the temporary file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ShoutPro 1.5.2

No auth needed

Prerequisites: Target URL with vulnerable ShoutPro installation · Write permissions on the shouts.php file

MITRE ATT&CK