CVE-2018-19422

Related Files

Intelliants Subrion CMS 4.2.1 Remote Code Execution

Posted Aug 4, 2023

Authored by Fellipe Oliveira, Ismail E. Dawoodjee, Hexife | Site metasploit.com

This Metasploit module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess blacklist, hence these files can be uploaded and executed to achieve remote code execution. In this module, a .phar file with a randomized name is uploaded and executed to receive a Meterpreter session on the target, then deletes itself afterwards.

tags | exploit, remote, code execution, file upload

advisories | CVE-2018-19422

SHA-256 | 72859313ffb21cb022d15b4566fe8863b0a0f88f5ef2dff2e8c3eba2e934c2ce

Download | Favorite | View

Subrion CMS 4.2.1 Shell Upload

Posted May 17, 2021

Authored by Fellipe Oliveira

Subrion CMS version 4.2.1 file upload bypass exploit that uploads a shell.

tags | exploit, shell, file upload

advisories | CVE-2018-19422

SHA-256 | a8dc69971c84f2d358d2043b54d854b585028b195fc8de3cc1b57d75eb01c988

Download | Favorite | View