Created: April 11, 2024 18:41
CVE ID: CVE-2020-22539
Vulnerability Title: Arbitrary Remote Code Execution via Unrestricted File Upload on Codoforum v4.9
Description:
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file.
Vulnerability Type:
Unrestricted File Upload
Vendor of Product:
codoforum.com
Affected Product Code Base:
Codoforum - v4.9
Affected Component:
http://localhost/codo/admin/index.php?page=categories (the function for uploading a Category Icon)
Vulnerable URL:
http://<ip_address>/codo/admin/index.php?page=categories
Attack Type:
Remote
Impact Code execution:
true
Impact Information Disclosure:
true
Attack Vectors:
Steps for Exploitation:
1. First, log in to the Codoforum backend as an administrator user.
2. Then go to http://<codoforum>/admin/index.php?page=categories (the categories page).
3. Then create a new Category.
4. Add a Category name.
5. Then click the browse button for uploading the Category Icon.
6. Choose a PHP shell.
7. Give a description for the category.
8. Click the Add Category button.
Now the Category is created.
9. Then go to the home page and select the Category which we created earlier.
10. Right-click on the Category icon and select "View Image".
11. Now you can access your shell.
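As an added example that is not part of this advisory and not Codoforum's code: a server-side validator for a category-icon upload of the kind described above, showing the checks that would have rejected the file chosen in step 6 (exactly one allow-listed extension, content whose magic bytes match it, no embedded PHP open tag, and a server-chosen filename). The function names, size limit and sample inputs are assumptions constructed for the example; nothing here reflects Codoforum's actual upload handler.

```python
import os
import secrets

# Raster formats a forum icon legitimately needs, keyed to the leading bytes
# (magic number) a file of that type must start with; anything else is rejected.
ALLOWED_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
MAX_ICON_BYTES = 256 * 1024  # assumed limit: icons are small; a cap limits abuse


def validate_icon(client_name: str, data: bytes) -> str:
    """Return a server-chosen filename if the upload is an acceptable icon,
    else raise ValueError. Rejects oversized data, any name without exactly
    one allow-listed extension ('shell.php', 'icon.php.png'), content whose
    magic number does not match that extension (PHP renamed to .png), and
    a PHP open tag inside an otherwise valid image (defence in depth)."""
    if not data or len(data) > MAX_ICON_BYTES:
        raise ValueError("empty or oversized upload")
    base = os.path.basename(client_name)  # discard any client-supplied path
    parts = base.lower().split(".")
    if len(parts) != 2 or parts[1] not in ALLOWED_MAGIC:
        raise ValueError(f"extension not allowed: {base!r}")
    if not data.startswith(ALLOWED_MAGIC[parts[1]]):
        raise ValueError("content does not match the declared image type")
    if b"<?php" in data or b"<?=" in data:
        raise ValueError("script tag embedded in image data")
    # Never keep the client's name: a random name with the verified extension
    # prevents overwrites and path tricks. Store the file under a directory
    # where the web server has script execution disabled; that setting still
    # protects you if one of the checks above is bypassed.
    return f"{secrets.token_hex(16)}.{parts[1]}"


def is_acceptable_icon(client_name: str, data: bytes) -> bool:
    """True when validate_icon would store the upload, False when it rejects."""
    try:
        validate_icon(client_name, data)
        return True
    except ValueError:
        return False


# Constructed samples, not real files: a minimal PNG header and a PHP stub.
PHP_STUB = b"<?php /* constructed placeholder, not a working script */ ?>"
PNG_HEAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
GIF_POLYGLOT = b"GIF89a" + PHP_STUB
```

The storage directory must also have script execution disabled in the web server configuration; none of these checks replaces that.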
Discoverer:
Safvan
Reference:
http://codoforum.com