CVE-2007-5720

ProfileCMS 1.0 - Unauthenticated Arbitrary PHP File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5720. PoCs published by [email protected].

AI-analyzed exploit summary: This is a writeup describing an arbitrary file upload vulnerability in ProfileCMS v1.0, allowing attackers to upload PHP shells instead of images during profile creation. The exploit lacks actual code but provides a demonstration URL and dorks for finding vulnerable sites.

Description

Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile.

Exploits (1)

exploitdb WRITEUP VERIFIED
by [email protected] · text · webapps · php
https://www.exploit-db.com/exploits/4586

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: ProfileCMS v1.0
No auth needed
Prerequisites: Access to the profile creation page · Ability to upload files
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/45297
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26242
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4586
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38185

Scores

EPSS 0.0452
EPSS Percentile 89.3%

Details

CWE CWE-94
Status published
Products (1)
profilecms/profilecms 1.0
Published Oct 30, 2007
Tracked Since Feb 18, 2026