CVE-2008-7167

Page Manager 2006-02-04 - Unauthenticated Arbitrary File Upload via upload.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7167. PoCs published by CWH Underground.

AI-analyzed exploit summary This is a writeup describing a remote arbitrary file upload vulnerability in Page Manager CMS. It provides details on the vulnerability, including the upload path and shell script location, but does not include actual exploit code.

Description

Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

Exploits (1)

exploitdb WRITEUP VERIFIED
by CWH Underground · textwebappsphp
https://www.exploit-db.com/exploits/5936

This is a writeup describing a remote arbitrary file upload vulnerability in Page Manager CMS. It provides details on the vulnerability, including the upload path and shell script location, but does not include actual exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Page Manager CMS 2006-02-04
No auth needed
Prerequisites: Access to the upload.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5936
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29929
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43356
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1952/references

Scores

EPSS 0.0421
EPSS Percentile 89.7%

Details

CWE
CWE-264
Status published
Products (1)
sami_ekblad/page_manager 2006-02-04
Published Sep 08, 2009
Tracked Since Feb 18, 2026