atrocore-1.5.25-User interaction - Unauthenticated File upload - RCE - Information gathering
Vendor
Description:
The Create Import Feed option (the glyphicon-glyphicon-paperclip upload button, CSV format) appears to be vulnerable to a user-interaction, unauthenticated file upload leading to RCE. An attacker can upload a malicious file, execute it remotely, and obtain very sensitive information about the configuration of this system; from there further attacks are possible.
STATUS: HIGH Vulnerability CRITICAL
[+]Payload:
<?php
phpinfo();
?>
Reproduce:
Reference:
Proof and Exploit:
Time spend:
00:45:00
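As an added example (not AtroCore's own code), the following shows the kind of server-side validation that would stop the upload described above: a CSV import handler that enforces the .csv extension, checks the real content type, refuses anything containing a PHP open tag, and stores the file under a random name outside the web root. It assumes the upload arrives in $_FILES['file'] and that $storageDir is not web-accessible; the endpoint must additionally require an authenticated user, which this function does not handle.

```php
<?php
// Example only, not AtroCore code. Assumes $file is one entry of $_FILES and
// $storageDir is a directory outside the document root (assumption).
function validateCsvUpload(array $file, string $storageDir): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // 1. Only the .csv extension is accepted; the client-supplied name is
    //    used for nothing else.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext !== 'csv') {
        throw new RuntimeException('Only .csv files are accepted');
    }
    // 2. Check the MIME type of the actual bytes, not the Content-Type header
    //    sent by the browser.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!in_array($mime, ['text/plain', 'text/csv', 'application/csv'], true)) {
        throw new RuntimeException("Unexpected content type: $mime");
    }
    // 3. Reject any file containing a PHP open tag ("<?"), regardless of what
    //    the extension or MIME check said. A real CSV has no use for it.
    $content = file_get_contents($file['tmp_name']);
    if ($content === false || strpos($content, '<?') !== false) {
        throw new RuntimeException('Embedded script tags are not allowed');
    }
    // 4. Store under a server-generated random name outside the web root, so
    //    the file can never be requested (and therefore executed) over HTTP.
    $dest = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.csv';
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store upload');
    }
    return $dest;
}

// Usage inside the import-feed controller (constructed call):
// $path = validateCsvUpload($_FILES['file'], '/var/lib/app/imports');
```

The payload shown on this page would be rejected at step 3 even if the extension and MIME checks were bypassed, and step 4 means a stored file is never reachable through the web server.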
