CVE-2007-6470

phpRPG 0.8 - Session Hijacking via Insecure Session File Storage

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6470. PoCs published by Michael Brooks.

AI-analyzed exploit summary: The provided text describes two vulnerabilities in phpRPG 0.8.0: an SQL injection flaw and a session access vulnerability. It references a directory path (/tmp/) that may expose sensitive session data but lacks actual exploit code.

Description

phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by Michael Brooks · text · webapps · php
https://www.exploit-db.com/exploits/30888

Classification: Writeup 90%
Attack Type: SQLi | Auth Bypass
Complexity: Trivial
Reliability: Theoretical
Target: phpRPG 0.8.0
No auth needed
Prerequisites: access to the /tmp/ directory of the target application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/27968
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=119774326804168&w=2
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/26884

Scores

EPSS 0.0209
EPSS Percentile 79.1%

Details

CWE: CWE-264
Status: published
Products (1): phprpg/phprpg 0.8
Published: Dec 20, 2007
Tracked Since: Feb 18, 2026