Advertisement






SW3 Solutions CMS Shell Upload thru weak default admin credentials

CVE Category Price Severity
N/A CWE-287 $500 High
Author Risk Exploitation Type Date
Unknown Critical Remote 2021-02-12
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 0.06174 0.8039

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021020068

Below is a copy:

SW3 Solutions CMS Shell Upload thru weak default admin credentials
[+] admin panel link: https://victim.com/mscp/
[+] default credentials: [email protected]  :::  admin
[+] bypass file upload in /mscp/catalog/products.php (I won't tell you how. LOL it's easy af)
[+] use common sense to locate file destination

DEMO : https://www.elevenwest.com.pk/


Credits: Bloos3rpent
> http://www.zone-h.org/archive/notifier=Bloos3rpent
> https://www.facebook.com/GrayHatPhantom
> https://twitter.com/blooserpent

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.