CVE-2023-41892

This repository contains a functional exploit for CVE-2023-41892, an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 to 4.4.14. The exploit leverages deserialization via the `conditions/render` endpoint to execute arbitrary PHP code and deploy a webshell.

This repository contains a functional Python exploit for CVE-2023-41892, targeting Craft CMS versions 4.0.0-RC1 to 4.4.14. The exploit leverages deserialization and file upload vulnerabilities to achieve remote code execution by deploying a malicious PHP file and spawning a reverse shell.

The repository contains a functional exploit script for CVE-2023-41892, a Craft CMS Remote Code Execution (RCE) vulnerability. The script sends a crafted POST request to trigger deserialization via the `conditions/render` endpoint, leading to arbitrary code execution (e.g., `phpinfo()`).

This repository contains functional exploit code for CVE-2023-41892, targeting a deserialization vulnerability in Craft CMS. The PoC demonstrates remote code execution (RCE) by uploading a webshell via Imagick manipulation, with both authenticated and unauthenticated variants.

The repository lacks actual exploit code and only provides generic mitigation advice for PHP object injection attacks. No technical details about CVE-2023-41892 are included.

This repository contains a functional exploit for CVE-2023-41892, a Remote Code Execution (RCE) vulnerability in Craft CMS. The exploit leverages deserialization and Imagick file handling to write a malicious PHP shell to the target system.

This Metasploit module exploits CVE-2023-41892, an unauthenticated RCE vulnerability in Craft CMS versions 4.0.0-RC1 to 4.4.14. It leverages PHP object instantiation in `ConditionsController` and Imagick's MSL to upload a malicious PHP webshell.