Vulnerability CVE-2022-4136


Published: 2022-11-24

Description:
Attackers can call any existing functions at will, control the target server to access, download, create files, delete files, etc. Access may make the server a dos server. Download, so that an attacker can download the PHP Trojan to the server. Creating and deleting will destroy normal services. More than ten IPs are using this service.

 References:
https://huntr.dev/bounties/fe418ae1-7c80-4d91-8a5a-923d60ba78c3
https://github.com/qmpaas/leadshop/commit/f27e9ca5c93eaadda1097396b65c234b16186d67

Copyright 2022, cxsecurity.com

 

Back to Top