CVE-2012-4036
PBBoard 2.1.4 - Authenticated Arbitrary PHP File Upload via admin.php
Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-4036. PoCs published by High-Tech Bridge.
AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in PBBoard 2.1.4 by uploading a PHP file with embedded PHP code via a crafted form submission. The vulnerability allows remote code execution by leveraging the 'export' functionality in the admin panel.
Description
Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.