Fuel CMS 1.4.1 - Remote Code Execution

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.

Install

git clone https://github.com/Trushal2004/CVE-2018-16763.git
cd CVE-2018-16763/
python3 -m pip install -r requirements.txt
chmod +x exploit.py
./exploit.py

Help

$./exploit.py --help
usage: python3 ./exploit.py -u <url>

fuel cms fuel CMS 1.4.1 - Remote Code Execution Exploit

optional arguments:
  -h, --help         show this help message and exit
  -v, --version      show the version of exploit
  -u url, --url url  Enter the url

EXAMPLE - python3 ./exploit.py -u http://10.10.21.74

Demo

Exploit DB

https://www.exploit-db.com/exploits/50477

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
LICENSE		LICENSE
README.md		README.md
exploit.py		exploit.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LICENSE

LICENSE

README.md

README.md

exploit.py

exploit.py

requirements.txt

requirements.txt

Repository files navigation

Fuel CMS 1.4.1 - Remote Code Execution

Install

Help

Demo

Exploit DB

About

Languages

License

padsalatushal/CVE-2018-16763

Folders and files

Latest commit

History

Repository files navigation

Fuel CMS 1.4.1 - Remote Code Execution

Install

Help

Demo

Exploit DB

About

Topics

Resources

License

Stars

Watchers

Forks

Languages