CVE-2007-5817

MEDIUM

ContentCustomizer < 3.1mp - Cross-Site Scripting via Privileged Actions

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5817. PoCs published by d3hydr8.

AI-analyzed exploit summary: This exploit demonstrates an unauthorized access vulnerability in CONTENTCustomizer 3.1mp due to insufficient input sanitization. It allows arbitrary file deletion, renaming, and content resetting via crafted HTTP requests.

Description

dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other attacks.

Exploits (1)

exploitdb WORKING POC VERIFIED
by d3hydr8 · text · webapps · php
https://www.exploit-db.com/exploits/30764

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: CONTENTCustomizer 3.1mp
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26437

Scores

CVSS v3 6.1
EPSS 0.0103
EPSS Percentile 59.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE: CWE-79
Status: published
Products (1): contentcustomizer/contentcustomizer < 3.1mp
Published: Nov 05, 2007
Tracked Since: Feb 18, 2026