This exploit leverages a file inclusion vulnerability in Cybershare CMS by manipulating the `CMS_ROOT` parameter to include arbitrary files, potentially leading to remote code execution. The vulnerability is due to improper input validation in the `includes.php` file.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:Cybershare CMS 0.2b-DEV
No auth needed
Prerequisites:Access to the target web application · Ability to craft a malicious URL with the `CMS_ROOT` parameter