@s4fv4n
Created April 11, 2024 18:41
CVE ID: CVE-2020-22539
Vulnerability Title: Arbitrary Remote Code Execution via Unrestricted File Upload on Codoforum v4.9
Description:
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file.
Vulnerability Type:
Unrestricted File Upload
Vendor of Product:
codoforum.com
Affected Product Code Base:
Codoforum - v4.9
Affected Component:
http://localhost/codo/admin/index.php?page=categories, function for uploading the Category Icon
Vulnerable URL:
http://<ip_address>/codo/admin/index.php?page=categories
Attack Type:
Remote
Impact Code execution:
true
Impact Information Disclosure:
true
Attack Vectors:
Steps for Exploitation:
1. First, log in to the Codoforum backend as an administrator user.
2. Then go to http://<codoforum>/admin/index.php?page=categories (the categories page).
3. Then create a new Category.
4. Add a Category name.
5. Click the browse button for uploading the Category Icon.
6. Choose a PHP shell.
7. Give a description for the category.
8. Click the Add Category button. Now the Category is created.
9. Then go to the home page and select the Category created earlier.
10. Right-click on the Category icon and select view image.
11. Now you can access your shell.
Discoverer:
Safvan
Reference:
http://codoforum.com
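
Added example (not part of the original gist or of Codoforum's code): a Python sweep a defender could run over the directory where category icons are stored, flagging any file that is not a genuine image. The allowed image types, the finding labels and the sample files in demo() are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

MAGIC = {  # assumption: category icons are only ever PNG, JPEG or GIF
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
SCRIPT_MARKERS = (b"<?php", b"<?=")  # can also occur by chance in binary data


def audit_icon(path):
    """Return findings for one uploaded file; an empty list means clean."""
    findings = []
    ext = path.suffix.lower().replace(".jpeg", ".jpg")
    data = path.read_bytes()
    if ext not in MAGIC:
        findings.append("extension not in image allowlist")
    elif not data.startswith(MAGIC[ext]):
        findings.append("content does not match extension")
    if any(marker in data for marker in SCRIPT_MARKERS):
        findings.append("embedded PHP open tag")
    return findings


def audit_dir(root):
    """Walk an upload directory; map relative path -> findings for flagged files."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and (found := audit_icon(path)):
            report[path.relative_to(root).as_posix()] = found
    return report


def demo():
    """Audit a constructed directory standing in for the icon upload folder."""
    samples = {
        "news.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "icon.php": b"<?php /* placeholder */ ?>",
        "logo.gif": b"GIF89a<?php /* placeholder */ ?>",
        "photo.jpg": b"plain text, not a JPEG",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            (Path(root) / name).write_bytes(body)
        return audit_dir(root)


if __name__ == "__main__":
    print(demo())
```

Point audit_dir() at the real icon directory of an installation to review what has already been uploaded; a hit on the script markers inside a valid image header deserves the same attention as a .php file.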