Lucene search
Chetanya SharmaPACKETSTORM:166077HistoryFeb 21, 2022 - 12:00 a.m.
Microweber 1.2.11 Shell Upload
2022-02-2100:00:00
Chetanya Sharma
packetstormsecurity.com
191
0.041 Low
EPSS
Percentile
92.2%
`# Exploit Title: Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)
# Google Dork: NA
# Date: 02/17/2022
# Exploit Author: Chetanya Sharma @AggressiveUser
# Vendor Homepage: https://microweber.org/
# Software Link: https://github.com/microweber/microweber
# Version: 1.2.11
# Tested on: [KALI OS]
# CVE : CVE-2022-0557
# Reference : https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8/
# Step To Reproduce
- Login using Admin Creds.
- Navigate to User Section then Add/Modify Users
- Change/Add image of profile and Select a Crafted Image file
- Crafted image file Aka A image file which craft with PHP CODES for execution
- File Extension of Crafted File is PHP7 like "Sample.php7"
- Path of Uploaded Crafted SHELL https://localhost/userfiles/media/default/shell.php7
`
Related
cvelist
cvelist
CVE-2022-0557 OS Command Injection in microweber/microweber
2022-02-11 08:45:10
cve
cve
CVE-2022-0557
2022-02-11 09:15:06
nvd
nvd
CVE-2022-0557
2022-02-11 09:15:06
github
github
OS Command Injection in Microweber
2022-02-12 00:00:49
osv
osv
OS Command Injection in Microweber
2022-02-12 00:00:49
CVE-2022-0557
2022-02-11 09:15:06
cnvd
cnvd
Microweber command injection vulnerability
2022-02-15 00:00:00
huntr
huntr
OS Command Injection in microweber/microweber
2022-02-05 15:03:29
prion
prion
Command injection
2022-02-11 09:15:00
zdt
zdt
Microweber 1.2.11 - Remote Code Execution (Authenticated) Vulnerability
2022-02-21 00:00:00
veracode
veracode
OS Command Injection
2022-02-14 08:02:39
checkpoint_advisories
checkpoint_advisories
Packagist Microweber Arbitrary File Upload (CVE-2022-0557)
2022-11-27 00:00:00
exploitdb
exploitdb
Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)
2022-02-21 00:00:00