The exploit allows an attacker to execute code remotely on the Karaf Console. By sending a crafted request, an attacker can open a reverse shell connection, giving them unauthorized access to the system. This vulnerability has been assigned the CVE identifier CVE-2023-XXXXX.
SitemagicCMS version 4.4.3 is vulnerable to remote code execution (RCE). An attacker can upload a malicious shell.phar file with the content '<?php echo system("cat /etc/passwd"); ?>' and execute arbitrary commands on the target system. This can lead to unauthorized access, data leakage, and further compromise of the system. The vulnerability was found by Mirabbas Agalarov.