CVE-2019-13956

CRITICAL LAB

Discuz!ML <3.4 - RCE

Title source: llm

Description

Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'; (if the random prefix 4gH4_0df5_ were used).

Exploits (1)

nomisec STUB

by rhbb · poc

https://github.com/rhbb/CVE-2019-13956

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] http://esoln.net/esoln/blog/2019/06/14/discuzml-v-3-x-code-injection-vulnerability/

Scores

CVSS v3 9.8

EPSS 0.4341

EPSS Percentile 97.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull boyhack/discuz_ml

https://github.com/rhbb/CVE-2019-13956

View in Library

Details

CWE

CWE-94

Status published

Products (1)

codersclub/discuz\!ml 3.2 - 3.4

Published Jul 18, 2019

Tracked Since Feb 18, 2026