CVE-2007-3199

Link Request Contact Form 3.4 - Unauthenticated Arbitrary PHP File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3199. PoCs published by CorryL.

AI-analyzed exploit summary This exploit demonstrates a file upload vulnerability in Link Request Contact Form v3.4, allowing remote code execution by uploading a malicious PHP file disguised as an image. The PoC uses a multipart/form-data POST request to bypass file type restrictions and execute arbitrary commands via a shell.

Description

Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CorryL · textwebappsphp

https://www.exploit-db.com/exploits/4059

View Code ZIP pw:eip

This exploit demonstrates a file upload vulnerability in Link Request Contact Form v3.4, allowing remote code execution by uploading a malicious PHP file disguised as an image. The PoC uses a multipart/form-data POST request to bypass file type restrictions and execute arbitrary commands via a shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Link Request Contact Form v3.4

No auth needed

Prerequisites: Network access to the target server · The target application must be running Link Request Contact Form v3.4

MITRE ATT&CK