CVE-2022-3552

HIGH

Boxbilling < 0.0.1 - Unrestricted Upload of File with Dangerous Type

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2022-3552. PoCs published by zetc0de, 0xk4b1r, BakalMode.

AI-analyzed exploit summary This exploit demonstrates an unrestricted file upload vulnerability in BoxBilling <=4.22.1.5, allowing an authenticated admin to upload a malicious PHP file via a hidden API endpoint, leading to remote code execution (RCE). The PoC includes a crafted HTTP POST request with a PHP payload.

Description

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.

Exploits (4)

exploitdb WORKING POC VERIFIED
by zetc0de · textwebappsphp
https://www.exploit-db.com/exploits/51108

This exploit demonstrates an unrestricted file upload vulnerability in BoxBilling <=4.22.1.5, allowing an authenticated admin to upload a malicious PHP file via a hidden API endpoint, leading to remote code execution (RCE). The PoC includes a crafted HTTP POST request with a PHP payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: BoxBilling <=4.22.1.5
Auth required
Prerequisites: Valid admin session · At least one order of product
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 8 stars
by 0xk4b1r · poc
https://github.com/0xk4b1r/CVE-2022-3552

This repository contains a functional exploit for CVE-2022-3552, targeting BoxBilling versions <= 4.22.1.5. The exploit leverages an authenticated file upload vulnerability to achieve remote code execution by uploading a malicious PHP reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: BoxBilling <= 4.22.1.5
Auth required
Prerequisites: Valid credentials for BoxBilling admin panel · Network access to the target application
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 2 stars
by BakalMode · poc
https://github.com/BakalMode/CVE-2022-3552

This repository contains a functional exploit for CVE-2022-3552, targeting BoxBilling versions <= 4.22.1.5. The exploit leverages authenticated file upload to achieve remote code execution (RCE) via a reverse shell payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: BoxBilling <= 4.22.1.5
Auth required
Prerequisites: Valid admin credentials · Target running vulnerable BoxBilling version
devstral-2 · analyzed Feb 18, 2026 Full analysis →
inthewild WORKING POC
poc
https://github.com/kabir0x23/cve-2022-3552

This repository contains a functional exploit for CVE-2022-3552, targeting BoxBilling versions <=4.22.1.5. The exploit leverages an authenticated file upload vulnerability to achieve remote code execution by uploading a malicious PHP reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: BoxBilling <=4.22.1.5
Auth required
Prerequisites: valid credentials for BoxBilling admin panel · network access to the target · PHP execution environment on the target
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.2
EPSS 0.5579
EPSS Percentile 98.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
boxbilling/boxbilling < 0.0.1
Published Oct 17, 2022
Tracked Since Feb 18, 2026