CVE-2007-3586

MyCMS < 0.9.8 - Remote Code Execution via Score Parameter or Login Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3586. PoCs published by BlackHawk.

AI-analyzed exploit summary: This exploit leverages a file inclusion vulnerability in MyCMS <= 0.9.8 to achieve remote command execution by writing a malicious PHP shell to the target system. It abuses insecure file handling in game score management and arbitrary file inclusion via the 'scoreid' parameter.

Description

Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by BlackHawk · php · webapps · php
https://www.exploit-db.com/exploits/4144

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MyCMS <= 0.9.8
Authentication: No auth needed
Prerequisites: Target must have MyCMS <= 0.9.8 installed · Game score files must be writable · PHP file inclusion must be enabled
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35254
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/45778
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4144
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24757

Scores

EPSS 0.0231
EPSS Percentile 81.1%

Details

CWE: CWE-94
Status: published
Products (1): mycms/mycms < 0.9.8
Published: Jul 05, 2007
Tracked Since: Feb 18, 2026