CVE-2008-6806

7shop < 1.1 - Unauthenticated Arbitrary File Upload via Image Upload

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6806. PoCs published by t0pP8uZz, threatcode.

AI-analyzed exploit summary: This Perl script exploits a file upload vulnerability in 7Shop <= 1.1 by spoofing the Content-Type header to bypass restrictions, allowing arbitrary file upload. The script uploads a local file to the target server and provides the URL to access the uploaded file.

Description

Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.

Exploits (2)

exploitdb WORKING POC VERIFIED
by t0pP8uZz · perl · webapps · php
https://www.exploit-db.com/exploits/6866

This Perl script exploits a file upload vulnerability in 7Shop <= 1.1 by spoofing the Content-Type header to bypass restrictions, allowing arbitrary file upload. The script uploads a local file to the target server and provides the URL to access the uploaded file.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: 7Shop <= 1.1
No auth needed
Prerequisites: Network access to the target server · A local file to upload
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by threatcode · poc
https://github.com/threatcode/CVE-2008-6806

The exploit demonstrates a file upload vulnerability in 7shop's imageupload.php, allowing arbitrary file upload by spoofing the Content-Type header. It uploads a local file to the target server and provides a URL to access the uploaded file.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: 7shop <= 1.1
No auth needed
Prerequisites: Network access to the target server · Vulnerable version of 7shop
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31978
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6866
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2965
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46184

Scores

EPSS: 0.0473
EPSS Percentile: 90.7%

Details

CWE: CWE-20
Status: published
Products (3)
7-shop/7shop 0.9_beta
7-shop/7shop 1.0
7-shop/7shop < 1.1
Published: May 12, 2009
Tracked Since: Feb 18, 2026