CVE-2007-2182

Maran PHP Forum - Unauthenticated Arbitrary File Upload via Trailing Null Byte in Filename

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2182. PoCs published by Dj7xpl.

AI-analyzed exploit summary: This exploit leverages a file inclusion vulnerability in Maran PHP Forum to achieve remote code execution by injecting arbitrary commands via the 'name' parameter, which are then executed through passthru().

Description

Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Dj7xpl · text · webapps · php
https://www.exploit-db.com/exploits/3775


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Maran PHP Forum
No auth needed
Prerequisites: Target must have Maran PHP Forum installed · forum_write.php must be accessible
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3775
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33802
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23614
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1493
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24968

Scores

EPSS 0.0441
EPSS Percentile 90.1%

Details

Status published
Products (1)
maran/php_forum
Published Apr 24, 2007
Tracked Since Feb 18, 2026