The exploit demonstrates a remote code execution (RCE) vulnerability in Slaed CMS by injecting PHP code via the 'word' or 'query' parameters in the search functionality. The payload uses PHP's string interpolation to execute arbitrary code (e.g., phpinfo()).
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:Slaed CMS <= 4.* and OpenSlaed 1.2 (free)
No auth needed
Prerequisites:Access to the target's search functionality via HTTP