This exploit demonstrates multiple vulnerabilities in CMSMini 0.2.2, including arbitrary file upload leading to RCE, CSRF for page activation/deletion, file inclusion, and XSS. The PoC includes a PHP shell upload and various attack vectors.
Classification
Working Poc 95%
Attack Type
Rce | Xss | Csrf | Info Leak
Complexity
Trivial
Reliability
Reliable
Target:CMSMini 0.2.2 and older
Auth required
Prerequisites:Admin access to the CMSMini application · Network access to the target