CVE-2007-3272

MiniBB 2.0.5 - Directory Traversal via Language Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3272. PoCs published by Dj7xpl.

AI-analyzed exploit summary This exploit targets a file inclusion vulnerability in MiniBB 2.0.5 by manipulating the 'language' parameter during user registration to include arbitrary files. It sends a crafted POST request to trigger the vulnerability and retrieve the contents of the specified file.

Description

Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter in a register action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dj7xpl · phpwebappsphp

https://www.exploit-db.com/exploits/4076

View Code ZIP pw:eip

This exploit targets a file inclusion vulnerability in MiniBB 2.0.5 by manipulating the 'language' parameter during user registration to include arbitrary files. It sends a crafted POST request to trigger the vulnerability and retrieve the contents of the specified file.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: MiniBB 2.0.5

No auth needed

Prerequisites: Target must be running MiniBB 2.0.5 · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/34920

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/24503

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4076

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/38469

Scores

EPSS 0.0284

EPSS Percentile 84.8%

Details

Status published

Products (1)

minibb/minibb 2.0.5

Published Jun 19, 2007

Tracked Since Feb 18, 2026