CVE-2019-11447 PoC — 编号重复

Source

https://github.com/mt-code/CVE-2019-11447

Associated Vulnerability

Title:编号重复 (CVE-2019-11447)
Description:CutePHP CuteNews是一套新闻管理系统。该系统具有搜索、文件上传管理、访问控制、备份和恢复等功能。 “废弃”请勿使用此编号。原因：此编号与CNNVD-201110-126编号重复，所有使用CNNVD编号的用户请参考CNNVD-201110-126编号。为防止意外使用，此编号中的所有信息已删除。

Description

Exploits CuteNews 2.1.2 via poor file upload checks used when uploading an avatar image leading to RCE.

Readme

## CVE-2019-11447 - PoC
Exploits CuteNews 2.1.2 via poor file upload checks used when uploading an avatar image leading to RCE.

### Installation

Clone the repository and install the requirements.

`pip install -r requirements.txt`

### Usage

In order to upload an avatar you will require a CuteNews user account, this doesn't have to be an administrator account.

`CVE-2019-11447.py {URL} {USERNAME} {PASSWORD}`

Example:

`CVE-2019-11447.py http://localhost/CuteNews/index.php {USERNAME} {PASSWORD}`

File Snapshot


 [4.0K]  /data/pocs/94b447342593596c2b4c6696864c1669a2a3526e
├── [3.4K]  CVE-2019-11447.py
├── [ 504]  README.md
├── [  79]  requirements.txt
└── [  42]  shell.php

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!