CVE-2018-19127 PoC — PHPCMS 代码注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-19127.yaml

Associated Vulnerability

Title:PHPCMS 代码注入漏洞 (CVE-2018-19127)
Description:PHPCMS是一套基于PHP和Mysql架构的网站内容管理系统。该系统包括新闻、图片、下载、信息、产品等模块。 PHPCMS 2008版本中存在代码注入漏洞。攻击者可借助‘template’参数利用该漏洞向网站缓存中写入任意内容，执行任意代码。

Description

PHPCMS 2008 suffers from an unauthenticated RCE via template injection in type.php, where attacker-supplied content is written into a PHP template cache file, which is then executable.

File Snapshot


 id: CVE-2018-19127

info:
  name: PHPCMS 2008 - Remote Code Execution via Template Injection
  autho

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!