CVE-2019-11447 PoC — 编号重复

Source

https://github.com/khuntor/CVE-2019-11447-EXP

Associated Vulnerability

Title:编号重复 (CVE-2019-11447)
Description:CutePHP CuteNews是一套新闻管理系统。该系统具有搜索、文件上传管理、访问控制、备份和恢复等功能。 “废弃”请勿使用此编号。原因：此编号与CNNVD-201110-126编号重复，所有使用CNNVD编号的用户请参考CNNVD-201110-126编号。为防止意外使用，此编号中的所有信息已删除。

Description

CuteNews Avatar  2.1.2 Remote Code Execution Vulnerability

Readme

# CVE-2019-11447-EXP
CuteNews Avatar  2.1.2 Remote Code Execution Vulnerability

Before run the python script, run the nc command firstly. The default port is 1234.

Then execute exploit.py, follow the tips and input required contents.

![image](https://github.com/khuntor/CVE-2019-11447-EXP/blob/main/img/1.jpg)

![image](https://github.com/khuntor/CVE-2019-11447-EXP/blob/main/img/2.png)

File Snapshot


 [4.0K]  /data/pocs/b23112845163db59285dbad1109d5c84476dba70
├── [3.8K]  exploit.py
├── [4.0K]  img
│   ├── [ 17K]  1.jpg
│   └── [ 64K]  2.png
├── [ 390]  README.md
└── [5.4K]  testshell.php

1 directory, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!