CVE-2024-48180 PoC — ClassCMS 安全漏洞

Source

https://github.com/J-0k3r/CVE-2024-48180

Associated Vulnerability

Title:ClassCMS 安全漏洞 (CVE-2024-48180)
Description:ClassCMS是中国ClassCMS开源的一款简单、灵活、安全、易于拓展的内容管理系统。 ClassCMS 4.8版本存在安全漏洞。攻击者利用该漏洞可以执行 PHP 代码。

Readme

[CVE ID]
CVE-2024-48180
[PRODUCT]
ClassCMS
[VERSION]
ClassCMS <=4.8
[VulnerabilityType Other]
file inclusion
[Vendor of Product]
https://classcms.com/
[Affected Component]
There is a file inclusion vulnerability in the nowView method in/class/cms/cms.php, which can include a txt file uploaded to the/class/template directory to execute PHP code
[Attack Type]
Remote

File Snapshot


 [4.0K]  /data/pocs/48d62f522bfba5dd7b3851206bc278575a9e642e
├── [507K]  cms.pdf
└── [ 367]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.