This is a writeup describing a session poisoning vulnerability in Golabi CMS. The vulnerability allows an attacker to manipulate session variables to re-install or change configurations, potentially leading to arbitrary code execution via malicious PHP code injection.
Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Theoretical
Target: Golabi CMS >= 1.0.1
No auth needed
Prerequisites: Access to the target application's ImageVer.php endpoint