CVE-2007-4057

Neocrome Seditio < 121 - Authenticated Arbitrary File Upload via pfs.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4057. PoCs published by A.D.T.

AI-analyzed exploit summary This is a writeup describing a remote file upload vulnerability in Seditio CMS. It explains the steps to exploit the vulnerability by registering on the site and uploading a malicious script disguised as an image file.

Description

Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio 121 and earlier allows remote authenticated users to upload arbitrary PHP code via a filename ending with (1) .php.gif, (2) .php.jpg, or (3) .php.png.

Exploits (1)

exploitdb WRITEUP VERIFIED

by A.D.T · textwebappsphp

https://www.exploit-db.com/exploits/4235

View Code ZIP pw:eip

This is a writeup describing a remote file upload vulnerability in Seditio CMS. It explains the steps to exploit the vulnerability by registering on the site and uploading a malicious script disguised as an image file.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Seditio CMS and Ldu CMS (all versions)

Auth required

Prerequisites: User registration on the target site · Access to the file upload functionality

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/35681

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39023

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4235

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25130

Scores

EPSS 0.0538

EPSS Percentile 90.2%

Details

Status published

Products (1)

neocrome/seditio < 121

Published Jul 30, 2007

Tracked Since Feb 18, 2026