CVE-2007-3199

American Financing Link Request Conta... - Unrestricted File Upload

Title source: rule

Description

Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CorryL · textwebappsphp

https://www.exploit-db.com/exploits/4059

View Code ZIP pw:eip

References (7)

Core 7

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/24408

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/37204

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25614

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/34801

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4059

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/2143

Various Sources x_refsource_misc

http://corryl.altervista.org/index.php?mod=Download/Exploit#exploit-LRCF-v3.4.rar

Scores

EPSS 0.1355

EPSS Percentile 94.3%

Details

Status published

Products (1)

american_financing/link_request_contact_form 3.4

Published Jun 12, 2007

Tracked Since Feb 18, 2026