CVE-2018-19422

Published: 21/11/2018 Updated: 04/08/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

/panel/uploads in Subrion CMS 4.2.1 allows remote malicious users to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

Vulnerable Product

intelliants subrion cms 4.2.1

Exploits

Subrion CMS version 4.2.1 file upload bypass exploit that uploads a shell ...

Github Repositories

This is an edited version of the CVE-2018-19422 exploit to fix a small but annoying issue I had.

SubrionCMS-421-File-upload-RCE-auth- This is an edited version of the CVE-2018-19422 exploit to fix a small but annoying issue I had. I had to use this exploit in a CTF but I could not get it to properly exploit, just kept failing to log in. After an unholy amount of time I finally figured out why. It was an issue with the url argument. When I specified a url, the program aut

CVE-2018-19422 Authenticated Remote Code Execution

CVE-2018-19422-SubrionCMS-RCE SubrionCMS 4.2.1 Authenticated Remote Code Execution. /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. Exploit Usage Commands: Windows/Linux: $ sudo python3 subrionRCEpy -u IP/panel/ -l <user> -p <password>