CVE-2007-5305

ELSEIF CMS Beta 0.6 - Remote Code Execution via PHP File Inclusion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5305.

AI-analyzed exploit summary: This exploit demonstrates a file upload vulnerability in Else If CMS Beta 0.6, allowing an attacker to upload a malicious PHP shell via the 'swfupload/upload.php' endpoint. The exploit constructs a multipart/form-data POST request to bypass restrictions and achieve remote code execution.

Description

Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files.

Exploits (1)

exploitdb · WORKING POC
webapps / php
https://www.exploit-db.com/exploits/4490


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Else If CMS Beta 0.6
Authentication: No auth needed
Prerequisites: Network access to the target · File upload endpoint accessible
Analysis: devstral-2 · analyzed Feb 19, 2026

References (14)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25951
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37011
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38656
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38649
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38651
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38653
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38652
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38658
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38654
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38650
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38655
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481683/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3204
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38657

Scores

EPSS: 0.0930
EPSS Percentile: 94.7%

Details

CWE: CWE-94
Status: published
Products (1): yannick_tanguy/else_if_cms 0.6-beta
Published: Oct 09, 2007
Tracked Since: Feb 18, 2026