CVE-2020-25042

HIGH

MaraCMS 7.5 - Authenticated Arbitrary File Upload via codebase/dir.php

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-25042: PoCs by 0blio_ (Exploit-DB), Groppoxx (GitHub), and Michele Cisternino and Erik Wynter (the Metasploit module exploits/multi/http/maracms_upload_exec).

AI-analyzed exploit summary

This exploit demonstrates an authenticated remote code execution vulnerability in Mara CMS 7.5 by uploading a malicious PHP file via the file upload functionality. The vulnerability arises due to insufficient file extension validation, allowing an attacker to upload a webshell.
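The root cause named above is the absence of allowlist validation on the uploaded filename, which is what CWE-434 describes. The block below is an added Python example of the control a file-upload handler needs; it is not MaraCMS code and makes no claim about how codebase/handler.php actually checks names. The allowed extensions, the magic-byte table and the probe filenames are assumptions chosen for illustration. It goes a little beyond the single .php case on this page: every extension segment must be on the allowlist (so shell.php.jpg and shell.jpg.php are both refused), dotfiles such as .htaccess are refused because they can remap handlers, trailing dots and NUL bytes are handled, the content must carry the magic bytes expected for the claimed type, and the stored name is chosen server-side.

```python
"""Allowlist-based upload validation (added example, not MaraCMS code).

Assumptions: the application only needs to accept the types in ALLOWED_EXT, and
the MAGIC table covers the leading bytes of those types.
"""

import os
import secrets

# Allowlist of extensions the application actually serves. A denylist of "php"
# would miss php5, phtml, phar and any handler mapping added later.
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# Leading bytes that must be present for the claimed type.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}


def check_upload(client_name: str, data: bytes):
    """Return (True, server_side_name) if the upload is acceptable, otherwise
    (False, reason). The client name is used only to derive the extension."""
    if "\x00" in client_name:
        return False, "NUL byte in filename"
    # Drop any directory component the client sent (../ or C:\ style).
    base = os.path.basename(client_name.replace("\\", "/"))
    # Windows silently drops trailing dots and spaces: "shell.php." is shell.php.
    base = base.rstrip(". ")
    if not base:
        return False, "empty filename"
    parts = base.lower().split(".")
    if len(parts) < 2 or parts[0] == "":
        # No extension at all, or a dotfile such as .htaccess.
        return False, "missing extension or dotfile"
    exts = parts[1:]
    bad = [e for e in exts if e not in ALLOWED_EXT]
    if bad:
        # Every segment must be allowed: rejects shell.php.jpg and shell.jpg.php.
        return False, f"extension not allowed: {'.'.join(bad)}"
    ext = exts[-1]
    if ext in MAGIC and not any(data.startswith(m) for m in MAGIC[ext]):
        return False, f"content does not look like {ext}"
    # Random server-chosen name: no client-controlled characters reach the disk.
    return True, f"{secrets.token_hex(8)}.{ext}"


if __name__ == "__main__":
    # Constructed probes for illustration, not real payloads.
    probes = [
        ("photo.jpg", b"\xff\xd8\xff\xe0JFIF"),
        ("shell.php", b"<?php system($_GET['cmd']); ?>"),
        ("shell.php.jpg", b"\xff\xd8\xff\xe0"),
        ("shell.php.", b"<?php"),
        ("../../.htaccess", b"AddType application/x-httpd-php .jpg"),
        ("fake.png", b"<?php"),
        ("notes.txt", b"plain text"),
    ]
    for name, blob in probes:
        print(f"{name!r} -> {check_upload(name, blob)}")
```

The allowlist plus magic-byte check is the part that matters; storing under a random server-generated name in a directory the web server does not execute scripts from is the belt-and-braces complement, since an .htaccess or handler misconfiguration can otherwise turn an "image" into executable code.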

Description

An arbitrary file upload issue exists in Mara CMS 7.5. Exploitation requires a valid authenticated session as admin or manager: the attacker requests codebase/dir.php?type=filenew and then uploads PHP code through codebase/handler.php, which accepts it without adequate extension validation and stores it where the web server will execute it on request.
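The three-step chain in the description (file manager request, POST to the handler, first request to the planted script) is visible in the web server's access log. The block below is an added Python example of hunting for that sequence in combined-format logs; it is not taken from any of the PoCs listed on this page. The log lines, the client addresses and the dropped filename /shell.php are constructed, and the set of known application scripts is an assumption that an operator would replace with the PHP files actually present in the deployed tree.

```python
"""Hunt for the CVE-2020-25042 exploitation chain in combined-format access
logs (added example; sample log and filenames are constructed)."""

import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) \S+'
)

# PHP scripts that legitimately exist in this deployment. Assumption: only the
# scripts named on the advisory page; populate from the real web root in use.
KNOWN_PHP = {"/index.php", "/codebase/dir.php", "/codebase/handler.php"}
# Extensions a default Apache/PHP setup may execute, not just ".php".
PHP_EXT = re.compile(r"\.(?:php\d?|phtml|phar)$", re.IGNORECASE)

# Constructed sample: 203.0.113.7 completes the chain; 198.51.100.9 is an
# editor uploading an image through the same handler and must not alert.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Sep/2020:10:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [03/Sep/2020:10:14:31 +0000] "GET /codebase/dir.php?type=filenew HTTP/1.1" 200 2210
203.0.113.7 - - [03/Sep/2020:10:14:45 +0000] "POST /codebase/handler.php HTTP/1.1" 200 118
203.0.113.7 - - [03/Sep/2020:10:14:52 +0000] "GET /shell.php?cmd=id HTTP/1.1" 200 64
198.51.100.9 - - [03/Sep/2020:11:02:10 +0000] "GET /codebase/dir.php?type=filenew HTTP/1.1" 200 2210
198.51.100.9 - - [03/Sep/2020:11:02:30 +0000] "POST /codebase/handler.php HTTP/1.1" 200 118
198.51.100.9 - - [03/Sep/2020:11:02:40 +0000] "GET /images/banner.jpg HTTP/1.1" 200 40213
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["script"], _, query = rec["path"].partition("?")
    rec["query"] = parse_qs(query)
    return rec


def find_upload_chains(log_text, window_seconds=600):
    """Return one alert per client that, in order and within window_seconds,
    opened the file manager, got a 2xx from handler.php, and then requested a
    PHP script not in KNOWN_PHP. Tracking per client keeps the editor's image
    upload quiet: that client never requests a new .php path afterwards."""
    window = timedelta(seconds=window_seconds)
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    alerts = []
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        opened = uploaded = None  # timestamps of stage 1 and stage 2
        for r in recs:
            if opened and r["ts"] - opened > window:
                opened = uploaded = None  # chain went stale; start over
            if r["script"] == "/codebase/dir.php" and r["query"].get("type") == ["filenew"]:
                opened, uploaded = r["ts"], None
            elif (opened and r["method"] == "POST"
                  and r["script"] == "/codebase/handler.php"
                  and 200 <= r["status"] < 300):
                uploaded = r["ts"]
            elif (uploaded and PHP_EXT.search(r["script"])
                  and r["script"] not in KNOWN_PHP):
                alerts.append({
                    "ip": ip,
                    "script": r["script"],
                    "uploaded_at": uploaded.isoformat(),
                    "first_hit": r["ts"].isoformat(),
                })
                opened = uploaded = None
    return alerts


if __name__ == "__main__":
    for a in find_upload_chains(SAMPLE_LOG):
        print(f"{a['ip']} planted {a['script']} at {a['uploaded_at']}, first hit {a['first_hit']}")
```

The log hunt is the cheap first pass; because the upload is authenticated, the matching session belongs to an admin or manager account, so the follow-up is to confirm which account held that session and to list PHP files under the web root whose modification time postdates the last deployment.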

Exploits (3)

exploitdb WORKING POC
by 0blio_ · text · webapps · php
https://www.exploit-db.com/exploits/48780

This exploit demonstrates an authenticated remote code execution vulnerability in Mara CMS 7.5 by uploading a malicious PHP file via the file upload functionality. The vulnerability arises due to insufficient file extension validation, allowing an attacker to upload a webshell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Mara CMS 7.5
Auth required
Prerequisites: Valid authenticated session as 'admin' or 'manager' · Access to the file upload functionality
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by Groppoxx · poc
https://github.com/Groppoxx/CVE-2020-25042-PoC

This repository contains a functional Python exploit for CVE-2020-25042, an authenticated arbitrary file upload vulnerability in Mara CMS 7.5. The exploit authenticates as an admin/manager, uploads a PHP payload via `codebase/handler.php`, and executes commands through the uploaded shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mara CMS 7.5
Auth required
Prerequisites: Valid Mara CMS admin/manager credentials · Access to the target Mara CMS instance
devstral-2 · analyzed May 19, 2026
metasploit WORKING POC · Metasploit rank: Excellent
by Michele Cisternino, Erik Wynter · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/maracms_upload_exec.rb

This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS 7.5 and prior to execute arbitrary commands. It authenticates, uploads a malicious PHP file, and triggers payload execution via HTTP requests.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MaraCMS <= 7.5
Auth required
Prerequisites: Valid admin/manager credentials · Network access to target
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References (3)
Product, Third Party Advisory x_refsource_misc
https://sourceforge.net/projects/maracms/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/48780
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/159304/MaraCMS-7.5-Remote-Code-Execution.html

Scores

CVSS v3 7.2
EPSS 0.1811 (18.1% estimated probability of exploitation activity in the next 30 days)
EPSS Percentile 96.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
maracms/maracms 7.5
Published Sep 03, 2020
Tracked Since Feb 18, 2026