CVE-2007-3587

MyCMS <0.9.8 - Privilege Escalation

Title source: llm

Description

MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BlackHawk · phpwebappsphp

https://www.exploit-db.com/exploits/4145

View Code ZIP pw:eip

References (6)

[Exploit] http://www.securityfocus.com/bid/24757

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484064/100/100/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484111/100/100/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4145

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35254

[Third Party Advisory, VDB Entry] http://osvdb.org/45779

Scores

EPSS 0.1116

EPSS Percentile 93.5%

Details

Status published

Products (1)

mycms/mycms < 0.9.8

Published Jul 05, 2007

Tracked Since Feb 18, 2026