CVE-2007-2780

PsychoStats <3.0.6b - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2780. PoCs published by kefka.

AI-analyzed exploit summary: The exploit describes a path-disclosure vulnerability in PsychoStats 3.0.6b and prior versions. By submitting invalid data via the 'newtheme' parameter, an attacker can disclose sensitive path information.

Description

PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by kefka · text · webapps · php
https://www.exploit-db.com/exploits/30051

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: PsychoStats <= 3.0.6b
No auth needed
Prerequisites: Access to the target server's server.php endpoint
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24039
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/39738
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=117947165628273&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36582
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34366
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=117948032428148&w=2

Scores

EPSS 0.0302
EPSS Percentile 85.8%

Details

CWE: CWE-200
Status: published
Products (9)
psychostats/psychostats 2.0 beta
psychostats/psychostats 2.0.1 beta
psychostats/psychostats 2.1 beta
psychostats/psychostats 2.2 beta
psychostats/psychostats 2.2.1 beta
psychostats/psychostats 2.2.2 beta
psychostats/psychostats 2.2.4 beta
psychostats/psychostats 2.3 beta
psychostats/psychostats < 3.0.6b
Published: May 21, 2007
Tracked Since: Feb 18, 2026