Atom cms 2.0 remote code execution (rce) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2022-03-30 |
Type : webapps |
Platform : php
This exploit / vulnerability Atom cms 2.0 remote code execution (rce) is for educational purposes only and if it is used you will do on your own risk!
# Description
This script uploads webshell.php to the Atom CMS. An application will store that file in the uploads directory with a unique number which allows us to access Webshell.
# POC Exploit: https://youtu.be/qQrq-eEpswc
# Note: Crafted "Shell.txt" file is required for exploitation which is available on the below link:
# https://github.com/shikari00007/Atom-CMS-2.0---File-Upload-Remote-Code-Execution-Un-Authenticated-POC
'''
Description:
A file upload functionality in Atom CMS 2.0 allows any
non-privileged user to gain access to the host through the uploaded files,
which may result in remote code execution.
'''