CVE-2020-23934 PoC — RiteCMS 操作系统命令注入漏洞

Source

https://github.com/H0j3n/CVE-2020-23934

Associated Vulnerability

Title:RiteCMS 操作系统命令注入漏洞 (CVE-2020-23934)
Description:RiteCMS 2.2.1版本中存在安全漏洞。攻击者可通过在‘Filemanager’上传PHP Web shell利用该漏洞执行系统命令。

Readme

# CVE-2020-23934

# References

[1] https://www.exploit-db.com/exploits/48636

[2] https://github.com/vj0shii/PRTG-Network-MonitorCMS-Authenticated-Remote-Code-Execution/blob/master/PRTGCMS.py

[3] https://stackoverflow.com/questions/12385179/how-to-send-a-multipart-form-data-with-requests-in-python

[4]

File Snapshot


 [4.0K]  /data/pocs/2015c974a16930e5ea0f314ef4488d7eedda53b1
├── [4.2K]  exploit.py
└── [ 307]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.