CVE-2007-5063

Adam Scheinberg Flip <= 3.0 - Unauthenticated Sensitive Information Exposure via Direct Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5063. PoCs published by undefined1_.

AI-analyzed exploit summary This exploit targets Flip <= 3.0 to disclose password hashes by fetching the 'users.txt' file via an HTTP GET request. It parses the response to extract usernames and MD5 hashes.

Description

Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt.

Exploits (1)

exploitdb WORKING POC VERIFIED

by undefined1_ · perlwebappsphp

https://www.exploit-db.com/exploits/4436

View Code ZIP pw:eip

This exploit targets Flip <= 3.0 to disclose password hashes by fetching the 'users.txt' file via an HTTP GET request. It parses the response to extract usernames and MD5 hashes.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Flip <= 3.0

No auth needed

Prerequisites: Network access to the target server · Flip application running on the target

MITRE ATT&CK

T1592 - Gather Victim Host Information T1087 - Account Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/36710

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/41903

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4436

Scores

EPSS 0.0624

EPSS Percentile 92.6%

Details

CWE

CWE-255

Status published

Products (1)

adam_scheinberg/flip < 3.0

Published Sep 24, 2007

Tracked Since Feb 18, 2026