CVE-2007-3584

PNphpBB2 < 1.2i - SQL Injection via viewforum.php order Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3584. PoCs published by Coloss.

AI-analyzed exploit summary: This exploit demonstrates a blind SQL injection vulnerability in PNphpBB2's viewforum.php, allowing an attacker to extract the admin's password hash by analyzing server response delays. It uses time-based techniques to brute-force each character of the hash.

Description

SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Coloss · php · webapps · php
https://www.exploit-db.com/exploits/4147

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: PNphpBB2 <= 1.2i
No auth needed
Prerequisites: At least 2 posts in the forum · MySQL database with specific functions (e.g., BENCHMARK, MD5)
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/45777
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4147
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35256

Scores

EPSS 0.0103
EPSS Percentile 59.2%

Details

Status published
Products (1)
postnuke_software_foundation/pnphpbb2 < 1.2i
Published Jul 05, 2007
Tracked Since Feb 18, 2026