Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-24949 PoC — PHP-Fusion 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-24949.yaml
Associated Vulnerability
Title:PHP-Fusion 安全漏洞 (CVE-2020-24949)
Description:PHP是PHPGroup和开放源代码社区的共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发,支持多种数据库及操作系统。PHP-Fusion是马来西亚PHP-Fusion公司的一套基于MySql和PHP的开源轻量级内容管理系统。该系统包含新闻、文章和论坛等模块。 PHP-Fusion 9.03.50版本downloads / downloads.php中存在安全漏洞,该漏洞允许攻击者将特制请求发送到服务器并远程命令执行。
Description
PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution.
File Snapshot

 id: CVE-2020-24949

info:
  name: PHP-Fusion 9.03.50 - Remote Code Execution
  author: geeknik
  sev

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.