Vendor: Wolf CMS
By: Ahmet Ümit BAYRAM
CVSS: 7.4 (HIGH)
Vulnerability: Remote Code Execution (RCE)
CWE: 78
Product Name: Wolf CMS
Affected Version From: 0.8.3.1
Affected Version To: 0.8.3.1
Patch Exists: YES
Related CWE:
CPE: a:wolfcms:wolfcms
Metasploit:
Other Scripts:
Platforms Tested: Kali Linux
Year: 2023

Wolf CMS 0.8.3.1 – Remote Code Execution (RCE)

Wolf CMS 0.8.3.1 is vulnerable to Remote Code Execution (RCE). An attacker can exploit this vulnerability through the "Files" tab by creating a malicious PHP file (for example shell.php), entering shell code and saving the file. The file is then reachable at https://localhost/wolfcms/public/shell.php, and requesting that URL executes the code on the server.

Mitigation:

Upgrade to the latest version of Wolf CMS.
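
A defender-side check for the behaviour described above, as an added example that is not part of the original advisory or of Wolf CMS: it lists script-type files under the CMS's public/ directory and flags access-log requests that reach one. The extension list, the combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Extensions commonly mapped to the PHP handler (assumption; match your server config).
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7"}

# Request line and status code of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def find_script_files(public_dir):
    """Return sorted relative paths of script-type files under the public directory."""
    root = Path(public_dir)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() in SCRIPT_EXTS
    )


def flag_script_requests(log_lines, public_prefix="/wolfcms/public/"):
    """Return (path, status) for requests that reach a script under the public prefix."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group(1).split("?", 1)[0]  # drop the query string
        if not path.startswith(public_prefix):
            continue
        # Check every segment so that /public/a.php/extra (PATH_INFO) is also caught.
        segments = path[len(public_prefix):].split("/")
        if any(Path(seg).suffix.lower() in SCRIPT_EXTS for seg in segments):
            hits.append((path, int(m.group(2))))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/May/2023:10:00:01 +0000] "GET /wolfcms/public/images/logo.png HTTP/1.1" 200 5120',
    '203.0.113.5 - - [02/May/2023:10:00:09 +0000] "GET /wolfcms/public/shell.php?v=1 HTTP/1.1" 200 312',
    '203.0.113.9 - - [02/May/2023:10:01:44 +0000] "GET /wolfcms/index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for path, status in flag_script_requests(SAMPLE_LOG):
        print(f"script request under public/: {path} -> {status}")
```

Any result from either function on a site whose public/ directory is meant to hold only static assets is worth investigating.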

Exploit-DB raw data:

# Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)
# Date: 2023-05-02
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://wolf-cms.readthedocs.io
# Software Link: https://github.com/wolfcms/wolfcms
# Version: 0.8.3.1
# Tested on: Kali Linux

### Steps to Reproduce ###

# Firstly, go to the "Files" tab.
# Click on the "Create new file" button and create a php file (e.g. shell.php)
# Then, click on the file you created to edit it.
# Now, enter your shell code and save the file.
# Finally, go to https://localhost/wolfcms/public/shell.php

### There's your shell! ###