/Describe the bug/
An attacker could insert any executable code through php via File to execution command in the server
/To Reproduce/
Log into the panel.
Click "File" >> New (Mara/codebase/dir.php?type=filenew)
Click File Upload
Insert payload php: r0ck3t-1973.php
Save and Exit
Go to Mara/img/r0ck3t-1973.php
/Screenhost/
The text was updated successfully, but these errors were encountered:
r0ck3t1973
changed the title
Remote Code Execution via Snippets module in Mara version 7.5
Remote Code Execution via File in Mara version 7.5
Sep 1, 2020
/Describe the bug/
An attacker could insert any executable code through php via File to execution command in the server
/To Reproduce/
/Screenhost/
The text was updated successfully, but these errors were encountered: