CVE-2007-2204

GPL PHP Board unstable-2001.11.14-1 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2204. PoCs published by ThE TiGeR.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in GPB Bulletin Board. It allows an attacker to include arbitrary files via manipulated 'theme' and 'root_path' parameters in multiple PHP scripts.

Description

Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) db.mysql.inc.php or (2) gpb.inc.php in include/, or the (3) theme parameter to themes/ubb/login.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ThE TiGeR · textwebappsphp

https://www.exploit-db.com/exploits/3786

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in GPB Bulletin Board. It allows an attacker to include arbitrary files via manipulated 'theme' and 'root_path' parameters in multiple PHP scripts.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: GPB Bulletin Board unstable-2001.11.14-1

No auth needed

Prerequisites: Target must have GPB Bulletin Board installed · Remote file inclusion must be enabled on the server

MITRE ATT&CK