- Exploit Title: REDAXO_CMS_Remote_Code_Execution
- Date: 2024-02-16
- Exploit Author: TSAI,MING-HUNG
- Vendor Homepage: https://redaxo.org/
- Software Link: https://github.com/redaxo/redaxo
- Version: 5.15.1
- Tested on: Kali Linux + Docker
- Payload:
<?php system('cat /etc/passwd'); ?> - CVE: CVE-2024-25298
REDAXO CMS allows Remote Code Execution via the 'Template' in "/addons/structure/plugins/content/pages/modules.modules.php". Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit the latest vulnerabilities in the system.
- Log in as an administrator.
- Navigate to the Modules page.
- Add Modules.
- Edit the Default page.
- Enter
<?php system("cat /etc/passwd"); ?>in the Output field. - Return to Structure and create a new Article, select the Modules added in the previous step as the Template.
- Click "Add slice".