cve/CVE-2019-12170.md at 9ac4b787af2fa0b7575b28040edee6199ce9a667

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.

POC

Reference

http://packetstormsecurity.com/files/153869/ATutor-2.2.4-Backup-Remote-Command-Execution.html
https://github.com/fuzzlove/ATutor-Instructor-Backup-Arbitrary-File

Github

https://github.com/0xT11/CVE-POC
https://github.com/ARPSyndicate/cvemon
https://github.com/anquanscan/sec-tools
https://github.com/developer3000S/PoC-in-GitHub
https://github.com/fuzzlove/ATutor-2.2.4-Language-Exploit
https://github.com/hectorgie/PoC-in-GitHub

1.2 KiB Raw Blame History

CVE-2019-12170

Description

POC

Reference

Github

1.2 KiB

Raw Blame History