CVE-2019-9194

This Metasploit module exploits a command injection vulnerability in elFinder's PHP connector by uploading a malicious JPEG file with shell metacharacters in the filename, which is then processed by `exiftran` to execute arbitrary commands.

This exploit targets a command injection vulnerability in elFinder's PHP connector by uploading a malicious image file with a payload that writes a PHP shell to the server. The exploit then triggers the payload via an image rotation command and provides interactive shell access.

This repository contains a functional Python exploit for CVE-2019-9194, which leverages a command injection vulnerability in elFinder's PHP connector. The exploit uploads a malicious JPEG file with a crafted filename to execute arbitrary commands, resulting in remote code execution.

This repository contains a minimal Docker setup for CVE-2019-9194 but lacks actual exploit code. The provided script only starts Apache and keeps the container running.

This repository contains a functional Python exploit for CVE-2019-9194, which leverages a command injection vulnerability in elFinder's PHP connector. The exploit uploads a malicious JPEG file with a crafted filename to execute arbitrary commands, resulting in remote code execution.

This Metasploit module exploits a command injection vulnerability in elFinder's PHP connector by uploading a malicious JPEG file with shell metacharacters in the filename, which is then processed by `exiftran` to execute arbitrary commands.