CVE-2019-12185

This exploit leverages an arbitrary file upload vulnerability in eLabFTW 1.8.5 via the EntityController component, allowing an authenticated attacker to upload a malicious PHP file and achieve remote code execution (RCE). The PoC includes a multipart/form-data payload with a PHP shell and automates the login and upload process.

This repository contains a functional Python exploit for CVE-2019-12185, which leverages an arbitrary file upload vulnerability in eLabFTW 1.8.5's EntityController to achieve remote code execution. The exploit authenticates, crafts a multipart POST request with a malicious PHP payload, and uploads it to the server.

This repository contains a functional Python exploit for CVE-2019-12185, which leverages an arbitrary file upload vulnerability in eLabFTW 1.8.5's EntityController to achieve remote code execution (RCE). The exploit authenticates with provided credentials, crafts a multipart/form-data POST request to upload a malicious PHP file, and executes commands on the target system.

This repository contains a functional Python exploit for CVE-2019-12185, targeting eLabFTW 1.8.5. The exploit leverages an arbitrary file upload vulnerability in the 'EntityController' to achieve remote code execution (RCE) by uploading a malicious PHP file.