CVE-2007-5306

ELSEIF CMS Beta 0.6 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5306.

AI-analyzed exploit summary This exploit demonstrates a file upload vulnerability in Else If CMS Beta 0.6, allowing an attacker to upload a malicious PHP shell via the 'swfupload/upload.php' endpoint. The exploit constructs a multipart/form-data POST request to bypass restrictions and achieve remote code execution.

Description

ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php.

Exploits (1)

exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/4490

This exploit demonstrates a file upload vulnerability in Else If CMS Beta 0.6, allowing an attacker to upload a malicious PHP shell via the 'swfupload/upload.php' endpoint. The exploit constructs a multipart/form-data POST request to bypass restrictions and achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Else If CMS Beta 0.6
No auth needed
Prerequisites: Network access to the target CMS · File upload endpoint accessible
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25951
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37003
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/40419
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481683/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3204

Scores

EPSS 0.0284
EPSS Percentile 84.8%

Details

CWE
CWE-22
Status published
Products (1)
yannick_tanguy/else_if_cms 0.6-beta
Published Oct 09, 2007
Tracked Since Feb 18, 2026