CVE-2007-2141

ShoutPro 1.5.2 - Code Injection

Title source: llm

Description

Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gammarays · phpwebappsphp

https://www.exploit-db.com/exploits/3758

View Code ZIP pw:eip

References (8)

[Exploit] http://www.securityfocus.com/bid/23542

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33727

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/466037/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3758

[Third Party Advisory, VDB Entry] http://osvdb.org/34999

[Third Party Advisory] http://secunia.com/advisories/24939

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1432

[Third Party Advisory] http://securityreason.com/securityalert/2593

Scores

EPSS 0.0810

EPSS Percentile 92.2%

Details

Status published

Products (1)

shoutpro/shoutpro < 1.5.2

Published Apr 19, 2007

Tracked Since Feb 18, 2026