CVE-2022-3552

This exploit demonstrates an unrestricted file upload vulnerability in BoxBilling <=4.22.1.5, allowing an authenticated admin to upload a malicious PHP file via a hidden API endpoint, leading to remote code execution (RCE). The PoC includes a crafted HTTP POST request with a PHP payload.

This repository contains a functional exploit for CVE-2022-3552, targeting BoxBilling versions <= 4.22.1.5. The exploit leverages an authenticated file upload vulnerability to achieve remote code execution by uploading a malicious PHP reverse shell.

This repository contains a functional exploit for CVE-2022-3552, targeting BoxBilling versions <= 4.22.1.5. The exploit leverages authenticated file upload to achieve remote code execution (RCE) via a reverse shell payload.

This repository contains a functional exploit for CVE-2022-3552, targeting BoxBilling versions <=4.22.1.5. The exploit leverages an authenticated file upload vulnerability to achieve remote code execution by uploading a malicious PHP reverse shell.