CVE-2018-19422


A vulnerability rated critical was found in Subrion CMS 4.2.1, a content management system. It affects unknown code in the file /panel/uploads, where manipulating an unknown input leads to an unrestricted upload vulnerability, classified as CWE-434: the product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Confidentiality, integrity, and availability are all impacted.

Exploit


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/exfiltrated]
└─$ searchsploit -m php/webapps/49876.py ; mv 49876.py CVE-2018-19422.py
  Exploit: Subrion CMS 4.2.1 - Arbitrary File Upload
      URL: https://www.exploit-db.com/exploits/49876
     Path: /usr/share/exploitdb/exploits/php/webapps/49876.py
    Codes: CVE-2018-19422
 Verified: False
File Type: Python script, ASCII text executable, with very long lines (956)
Copied to: /home/kali/PEN-200/PG_PRACTICE/exfiltrated/49876.py

Exploit locally available