CVE-2007-4637

xGB 2.0 - Unauthenticated Admin Action Execution

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4637. PoCs published by DarkFuneral.

AI-analyzed exploit summary This is a writeup describing a permission bypass vulnerability in xGB 2.0. The exploit involves accessing an admin function without authentication by manipulating the URL parameters.

Description

xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps.

Exploits (1)

exploitdb WRITEUP VERIFIED
by DarkFuneral · textwebappsphp
https://www.exploit-db.com/exploits/4336

This is a writeup describing a permission bypass vulnerability in xGB 2.0. The exploit involves accessing an admin function without authentication by manipulating the URL parameters.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: xGB 2.0
No auth needed
Prerequisites: Access to the target URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4336

Scores

EPSS 0.0746
EPSS Percentile 91.9%

Details

Status published
Products (1)
xgb/xgb 2.0
Published Aug 31, 2007
Tracked Since Feb 18, 2026