CVE-2022-31854

HIGH NUCLEI

Codoforum 5.1 - Authenticated Arbitrary File Upload via Admin Logo Change

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-31854. PoCs published by Krish Pandey, Vikaran101. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit leverages an arbitrary file upload vulnerability in CodoForum v5.1 to achieve remote code execution (RCE). It authenticates as an admin, uploads a malicious PHP file disguised as a forum logo, and executes a reverse shell payload.

Description

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.

Exploits (2)

exploitdb WORKING POC

by Krish Pandey · pythonwebappsphp

https://www.exploit-db.com/exploits/50978

View Code ZIP pw:eip

This exploit leverages an arbitrary file upload vulnerability in CodoForum v5.1 to achieve remote code execution (RCE). It authenticates as an admin, uploads a malicious PHP file disguised as a forum logo, and executes a reverse shell payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CodoForum v5.1

Auth required

Prerequisites: Admin credentials · Network access to the target · Listener setup for reverse shell

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 4 stars

by Vikaran101 · poc

https://github.com/Vikaran101/CVE-2022-31854

View Code ZIP pw:eip

This exploit leverages an authenticated file upload vulnerability in CodoForum v5.1 to achieve remote code execution (RCE) by bypassing file extension restrictions and uploading a malicious PHP file. The payload establishes a reverse shell to a specified listener.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CodoForum v5.1

Auth required

Prerequisites: Valid admin credentials · Network access to the target · Listener setup for reverse shell

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Codoforum 5.1 - Arbitrary File Upload

HIGHVERIFIEDby theamanrawat

References (4)

Core 4

Core References

Vendor Advisory x_refsource_misc

https://codoforum.com

Exploit, Third Party Advisory x_refsource_misc

https://vikaran101.medium.com/codoforum-v5-1-authenticated-rce-my-first-cve-f49e19b8bc

Exploit, Third Party Advisory x_refsource_misc

https://github.com/Vikaran101/CVE-2022-31854/blob/main/exploit.py

View Exploit ZIP pw:eip

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/167782/CodoForum-5.1-Remote-Code-Execution.html

Scores

CVSS v3 7.2

EPSS 0.2494

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

codologic/codoforum 5.1

Published Jul 07, 2022

Tracked Since Feb 18, 2026