# Vulnerability Title: Remote Code Execution via Unrestricted File Upload
# Vendor Homepage: https://pandorafms.com/en/
# Version: <= v767
# CVE: CVE-2023-24517
# CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L (6.4 Medium)
# Exploit Author: Gaurish Kauthankar
# Date: 22/08/2023
- Login as an admin user, go to admin tools > file manager.
- Click on upload a file & upload a valid image file.
- Intercept the request & change file extension from png/jpg/jpeg to phar and keep the content-type value the same as the image file.
- Keep the first few lines of the original image file content and append malicious php code at the end.
- Once done, send the request & observe the response.
- Access the uploaded phar file > add parameter name followed by the system commands.