CVE-2007-5156

FCKeditor - Remote Code Execution via File Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-5156. PoCs published by Stack, EgiX.

AI-analyzed exploit summary This exploit targets a file upload vulnerability in Syntax CMS <= 1.3 via FCKeditor, allowing arbitrary file uploads by bypassing extension checks. It uploads a malicious PHP shell and provides interactive command execution.

Description

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Stack · phpwebappsphp
https://www.exploit-db.com/exploits/5688

This exploit targets a file upload vulnerability in Syntax CMS <= 1.3 via FCKeditor, allowing arbitrary file uploads by bypassing extension checks. It uploads a malicious PHP shell and provides interactive command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Syntax CMS <= 1.3 (FCKeditor)
No auth needed
Prerequisites: FCKeditor with default configuration · Access to the upload endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by EgiX · textwebappsphp
https://www.exploit-db.com/exploits/5618

This exploit leverages an arbitrary file upload vulnerability in La-Nai CMS <= 1.2.16 via the FCKeditor component. It uploads a malicious PHP shell disguised as an image file and provides interactive command execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: La-Nai CMS <= 1.2.16
No auth needed
Prerequisites: Network access to the target web server · FCKeditor component enabled in La-Nai CMS
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30677
Vendor Advisory x_refsource_misc
http://dev.fckeditor.net/ticket/1325
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5688
Exploit, Third Party Advisory x_refsource_misc
http://www.waraxe.us/advisory-57.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29422
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42733
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5618
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44455
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42425
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27123
Exploit, Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3182
Vendor Advisory x_refsource_misc
http://dev.fckeditor.net/changeset/973
Exploit, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/480830/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27174
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3464
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3465

Scores

EPSS 0.0800
EPSS Percentile 94.0%

Details

Status published
Products (4)
cardinal_cms_project/cardinal_cms 1.2
redlinesoft/lanai_cms < 1.2.16
sitex_cms_project/sitex_cms 0.7.3 beta
syntax_cms_project/syntax_cms < 1.3
Published Oct 01, 2007
Tracked Since Feb 18, 2026