CVE-2018-17552

This PoC exploits an authentication bypass via SQL injection in the session cookie and uploads a malicious PHP file to achieve remote code execution (RCE). The exploit leverages a path traversal vulnerability to overwrite a legitimate file with a webshell.

This Metasploit module exploits an authentication bypass (CVE-2018-17552) and a file upload vulnerability (CVE-2018-17553) in Navigate CMS 2.8 and prior to achieve unauthenticated remote code execution. It bypasses login via SQL injection and uploads a malicious PHP file to execute arbitrary code.

This Metasploit module exploits an authentication bypass (CVE-2018-17552) and a path traversal vulnerability (CVE-2018-17553) in Navigate CMS 2.8 and prior to achieve unauthenticated remote code execution by uploading a malicious PHP file.