Skip to content

Instantly share code, notes, and snippets.

@s4fv4n
Created April 11, 2024 18:41
Show Gist options
  • Save s4fv4n/320f536a684650c6948433de8d53713c to your computer and use it in GitHub Desktop.
Save s4fv4n/320f536a684650c6948433de8d53713c to your computer and use it in GitHub Desktop.
CVE ID: CVE-2020-22539
Vulnerability Title: Arbitrary Remote Code Execution via Unrestricted File Upload on Codoforum v4.9
Description:
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file.
VulnerabilityType:
Unrestricted File Upload
Vendor of Product:
codoforum.com
Affected Product Code Base:
Codoforum - v4.9
Affected Component:
http://localhost/codo/admin/index.php?page=categories,function for Uploading Category Icon
Vulnerable URL:
http://<ip_address>/codo/admin/index.php?page=categories
Attack Type:
Remote
Impact Code execution:
true
Impact Information Disclosure:
true
Attack Vectors:
Steps for Exploitaion:
1- first Login to the codoforum backend as a administrator user
2- then go to the http://<codoforum>/admin/index.php?page=categories (categories page)
3- Then create a new Category
4. Add Category name
5. Then click the browse button for uploading Category Icon
5. Choose a php shell
6. Give a description for the category
7. Click the Add Category button
now the Category is created
8. Then goto the home page and select the Category which we created earlier.
9. right click on the Category icon and select view image.
10. Now you can access your shell.
Discoverer:
Safvan
Reference:
http://codoforum.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment