This exploit demonstrates an arbitrary file upload vulnerability in CH-CMS.ch-V2, allowing attackers to upload malicious files via `ava_upl.php` or `ava_upl2.php`, which are stored in the `avatar/` directory. The vulnerability can lead to remote code execution if the uploaded file is executable.
Classification
Working Poc 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:CH-CMS.ch-V2
No auth needed
Prerequisites:Access to the vulnerable upload endpoint