CVE-2007-4905
AuraCMS 2.1 - Unauthenticated Arbitrary File Upload via mod/contak.php Image Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-4905. PoCs published by k1tk4t.
AI-analyzed exploit summary: This exploit demonstrates a remote file attachment vulnerability in AuraCMS 2.1, allowing arbitrary file uploads to the '/files/' directory, and a local file inclusion vulnerability due to improper input validation in 'index.php'. The PoC includes steps to upload a shell and access sensitive files via path traversal.
Description
Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/.