CVE-2018-19422

This exploit leverages an authenticated file upload bypass in Subrion CMS 4.2.1 to achieve remote code execution by uploading a malicious PHAR file disguised as a webshell. It requires valid credentials and uses CSRF token extraction for authentication.

This PoC exploits an authenticated file upload vulnerability in Subrion CMS 4.2.1, allowing arbitrary PHP code execution via .phar file uploads. It includes authentication bypass, CSRF token handling, and a webshell for command execution.

This is a functional exploit for CVE-2018-19422, targeting Subrion CMS 4.2.1. It authenticates, uploads a malicious PHAR file bypassing restrictions, and achieves remote code execution via a webshell.

This is a Python-based exploit for CVE-2018-19422, targeting Subrion CMS 4.2.1. It bypasses file upload restrictions to achieve authenticated remote code execution by uploading a malicious PHP shell disguised as a .phar file.

This repository contains a functional Python exploit for CVE-2018-19422, which allows authenticated remote code execution in Subrion CMS 4.2.1 via a file upload bypass (.phar extension) in the /panel/uploads directory. The exploit automates login, CSRF token extraction, webshell upload, and command execution.

This Metasploit module exploits an authenticated file upload vulnerability in Subrion CMS 4.2.1 and lower. It bypasses .htaccess restrictions by uploading a .phar file containing a PHP payload, achieving remote code execution.