CVE-2019-11447
CutePHP CuteNews 2.1.2 - Code Injection
Severity: HIGH. Status: exploited in the wild.
Exploitation Summary
CVE-2019-11447 has been observed exploited in the wild (reported by VulnCheck KEV and InTheWild.io). EIP tracks 8 public exploits from researchers including Musyoka Ian, AkkuS and thewhiteh4t.
Description
An issue was discovered in CutePHP CuteNews 2.1.2. An authenticated user can upload arbitrary files to the server through the avatar upload in the profile area, via the avatar_file field posted to index.php?mod=main&opt=personal. The upload handler in /core/modules/dashboard.php does not effectively validate $imgsize: the check only looks at the file's image header, so a PHP file whose content starts with a GIF signature passes as an image, is stored under the attacker-chosen name, and can then be requested for code execution.
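The following is an added example, not code from CuteNews or from any of the listed exploits. It models the two sides of the bug in the description: a signature-only image check (a simplified stand-in for the $imgsize-style check, not a reproduction of dashboard.php) that accepts any bytes starting with a GIF magic, beside a hardened acceptance rule that allowlists the extension, parses the full GIF block structure and rejects anything after the trailer, and stores the file under a server-chosen name. The sample inputs (a hand-built 1x1 GIF, a GIF-header-plus-PHP polyglot, and a real GIF with PHP appended) are constructed for this example; the names weak_check, strict_gif and validate_avatar are assumptions of the example.

```python
import os
import secrets

# --- Constructed sample inputs for this example (not taken from a real upload) ---

# A well-formed 1x1 GIF89a image (43 bytes), assembled block by block.
TINY_GIF = (
    b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00"    # signature + logical screen descriptor (GCT flag set, 2 entries)
    + b"\x00\x00\x00\xff\xff\xff"                  # global color table: black, white
    + b"\x21\xf9\x04\x01\x00\x00\x00\x00"          # graphic control extension (label F9, 4-byte sub-block, terminator)
    + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"  # image descriptor: 1x1 at origin, no local color table
    + b"\x02\x02\x44\x01\x00"                      # LZW minimum code size + one data sub-block + terminator
    + b"\x3b"                                      # trailer
)

# The bypass from the advisory: a GIF signature followed by PHP source. A check that
# only inspects the image header accepts it; stored as .php, the server would run it.
POLYGLOT = b"GIF89a;\n<?php echo 'executed'; ?>"

# A genuine image with PHP appended after the trailer: also passes a header-only check.
TRAILING = TINY_GIF + b"<?php echo 'executed'; ?>"

ALLOWED_EXTENSIONS = {".gif"}   # this example only parses GIF; extend per format supported
MAX_AVATAR_BYTES = 256 * 1024


def weak_check(data: bytes) -> bool:
    """Model of a signature-only image check: true for anything that starts with a
    GIF magic, regardless of the filename or of the bytes that follow."""
    return data.startswith((b"GIF87a", b"GIF89a"))


def strict_gif(data: bytes) -> bool:
    """Walk the GIF block structure. True only if every block is well formed and the
    trailer (0x3B) is the last byte; trailing data or an unknown block introducer fails."""
    n = len(data)
    if n < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return False

    def color_table_len(packed: int) -> int:
        # bit 7: table present; bits 0-2: 2^(k+1) entries of 3 bytes each
        return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0

    def skip_sub_blocks(p: int) -> int:
        # data sub-blocks: <size><bytes>... ended by a zero-size block
        while True:
            if p >= n:
                raise ValueError("truncated sub-block chain")
            size = data[p]
            p += 1 + size
            if size == 0:
                return p

    try:
        pos = 6 + 7 + color_table_len(data[10])  # skip logical screen descriptor + global color table
        while True:
            if pos >= n:
                return False                     # ran out of bytes before the trailer
            block = data[pos]
            pos += 1
            if block == 0x3B:                    # trailer
                return pos == n                  # nothing may follow it
            if block == 0x21:                    # extension: 1 label byte, then sub-blocks
                pos = skip_sub_blocks(pos + 1)
            elif block == 0x2C:                  # image descriptor: 9 bytes, optional local color table
                if pos + 9 > n:
                    return False
                pos += 9 + color_table_len(data[pos + 8]) + 1  # +1 for LZW minimum code size
                pos = skip_sub_blocks(pos)
            else:
                return False                     # not a GIF block introducer (e.g. PHP source)
    except ValueError:
        return False


def validate_avatar(filename: str, data: bytes) -> tuple:
    """Hardened acceptance rule: extension allowlist, size cap, strict structural parse,
    and a server-chosen storage name so the client-supplied name never hits the filesystem.
    Returns (accepted, storage_name_or_reason)."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed"
    if len(data) > MAX_AVATAR_BYTES:
        return False, "too large"
    if not strict_gif(data):
        return False, "not a well-formed GIF"
    return True, secrets.token_hex(16) + ext


if __name__ == "__main__":
    for name, blob in (("shell.php", POLYGLOT), ("avatar.gif", TRAILING), ("avatar.gif", TINY_GIF)):
        print(name, "signature-only:", weak_check(blob), "hardened:", validate_avatar(name, blob))
```

The signature-only check passes both the polyglot and the image-with-trailer, which is why a GIF header alone defeats it; the structural parse rejects both because neither is a single complete GIF. In a real deployment the stored file should also live outside the web root (or in a directory with PHP execution disabled) and be served with a fixed Content-Type, and re-encoding the decoded image with an image library is a stronger alternative to hand parsing.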
Exploits (8)
This exploit targets CVE-2019-11447 in CuteNews 2.1.2, achieving remote code execution by uploading a malicious PHP file disguised as an avatar. It includes credential extraction, user registration, and an interactive pseudo-shell that runs commands through the uploaded web shell.
This Metasploit module exploits a remote code execution vulnerability in CuteNews prior to 2.1.2 by bypassing file upload restrictions via manipulated GIF headers. It authenticates as a user, uploads a malicious PHP file disguised as an avatar, and executes it.
This repository contains a functional Python exploit for CVE-2019-11447, an arbitrary file upload vulnerability in CutePHP CuteNews 2.1.2. The script automates authentication, payload upload, and reverse shell execution.
This repository contains a functional exploit for CVE-2019-11447, which allows remote code execution in CuteNews 2.1.2 via a malicious avatar upload. The exploit bypasses the image check by prepending a GIF signature to the PHP payload and uses the authenticated avatar upload to place the file where it can be executed.
This repository contains a functional exploit for CVE-2019-11447, targeting CuteNews 2.1.2. The exploit leverages an avatar upload vulnerability to achieve remote code execution by uploading a malicious PHP shell.
This repository contains a functional exploit for CVE-2019-11447, targeting CuteNews 2.1.2. The exploit leverages poor file upload checks to upload a PHP reverse shell, achieving remote code execution (RCE).
This repository contains a functional exploit for CVE-2019-11447, which targets an authenticated remote code execution vulnerability in CuteNews 2.1.2 via avatar upload. The exploit automates user registration/login, uploads a malicious PHP file disguised as a GIF, and triggers execution.
This repository contains a functional exploit for CVE-2019-11447, targeting CuteNews 2.1.2. The exploit leverages poor file upload checks during avatar uploads to achieve remote code execution (RCE) by uploading a malicious PHP shell.
References (3)
Scores
CVSS 3.0 base score 8.8 (High): CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
PR:L reflects that the avatar upload requires an authenticated account; several of the exploits above register one first, and the impact on confidentiality, integrity and availability is rated high because the result is arbitrary code execution as the web server user.