

CVE-2018-16763

Description

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.

POC

Reference

- http://packetstormsecurity.com/files/153696/fuelCMS-1.4.1-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/164756/Fuel-CMS-1.4.1-Remote-Code-Execution.html

- https://0xd0ff9.wordpress.com/2019/07/19/from-code-evaluation-to-pre-auth-remote-code-execution-cve-2018-16763-bypass/

- https://www.exploit-db.com/exploits/47138

GitHub

- https://github.com/0xT11/CVE-POC

- https://github.com/1337kid/Exploits

- https://github.com/20142995/nuclei-templates

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/Aakash-M-o-d-i/Tryhackme_Ignite_Walkthrough

- https://github.com/ArtemCyberLab/Project-Exploiting-a-Vulnerability-in-Fuel-CMS-CVE-2018-16763-

- https://github.com/AyslanBatista/rust-offsec

- https://github.com/B7T3/CVE-2018-16763_FuelCMS-1.4.1_RCE

- https://github.com/BhattJayD/IgniteCTF

- https://github.com/BrunoPincho/cve-2018-16763-rust

- https://github.com/CovertOperation/Fuel-CMS-1.4.1

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/Errahulaws/fuel-cms-1.4-RCA-exploit

- https://github.com/HydraThreatLabs/RedTeam

- https://github.com/Kz0x-337/CVE-2018-16763

- https://github.com/N3rdyN3xus/CVE-2018-16763

- https://github.com/NaturalT314/CVE-2018-16763

- https://github.com/NyxByt3/CVE-2018-16763

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/Seby26Dev/-THM-Ignite

- https://github.com/SlizBinksman/THM-Vulnerability_Capstone-CVE-2018-16763

- https://github.com/Sp3c73rSh4d0w/CVE-2018-16763

- https://github.com/VitoBonetti/CVE-2018-16763

- https://github.com/altsun/CVE-2018-16763-FuelCMS-1.4.1-RCE

- https://github.com/andreidiaconescu18/FuelCMS-1.4.1-RCE-for-TryHackMe

- https://github.com/anquanscan/sec-tools

- https://github.com/antisecc/CVE-2018-16763

- https://github.com/apololifter/fuelcms-rce

- https://github.com/c0d3cr4f73r/CVE-2018-16763

- https://github.com/crypticdante/CVE-2018-16763

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/dinhbaouit/CVE-2018-16763

- https://github.com/dv-smith/Tryhackme-Vulnerability-Capstone

- https://github.com/ecebotarosh/CVE-2018-16763-exploit

- https://github.com/h3x0v3rl0rd/CVE-2018-16763

- https://github.com/h3xcr4ck3r/CVE-2018-16763

- https://github.com/hikarihacks/CVE-2018-16763-exploit

- https://github.com/ice-wzl/Fuel-1.4.1-RCE-Updated

- https://github.com/jordansinclair1990/TryHackMeIgnite

- https://github.com/jtaubs1/Fuel-1.4.1-RCE-Updated

- https://github.com/k4is3r13/Bash-Script-CVE-2018-16763

- https://github.com/k4u5h41/CVE-2018-16763

- https://github.com/kxisxr/Bash-Script-CVE-2018-16763

- https://github.com/merlinepedra/nuclei-templates

- https://github.com/merlinepedra25/nuclei-templates

- https://github.com/n3m1dotsys/CVE-2018-16763-Exploit-Python3

- https://github.com/n3m1dotsys/n3m1dotsys

- https://github.com/n3m1sys/CVE-2018-16763-Exploit-Python3

- https://github.com/n3m1sys/n3m1sys

- https://github.com/n3ov4n1sh/CVE-2018-16763

- https://github.com/n3rdh4x0r/CVE-2018-16763

- https://github.com/neharidha/Vulnerability-Capstone

- https://github.com/noraj/fuelcms-rce

- https://github.com/not1cyyy/CVE-2018-16763

- https://github.com/p0dalirius/CVE-2018-16763-FuelCMS-1.4.1-RCE

- https://github.com/padsalatushal/CVE-2018-16763

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/saccles/CVE-2018-16763-Proof-of-Concept

- https://github.com/saccles/CVE_2018_16763_Proof_of_Concept

- https://github.com/savior-only/javafx_tools

- https://github.com/shoamshilo/Fuel-CMS-Remote-Code-Execution-1.4--RCE--

- https://github.com/sobinge/nuclei-templates

- https://github.com/tobiasGuta/custom-poc

- https://github.com/uwueviee/Fu3l-F1lt3r

- https://github.com/wizardy0ga/THM-Vulnerability_Capstone-CVE-2018-16763