{"id":1916,"date":"2025-04-27T22:33:39","date_gmt":"2025-04-27T22:33:39","guid":{"rendered":"http:\/\/localhost\/?p=1916"},"modified":"2025-04-27T22:33:39","modified_gmt":"2025-04-27T22:33:39","slug":"exploit-for-unrestricted-upload-of-file-with-dangerous-type-in-backdropcms-backdrop-cms","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=1916","title":{"rendered":"Exploit for Unrestricted Upload of File with Dangerous Type in Backdropcms Backdrop Cms"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nExploit for Unrestricted Upload of File with Dangerous Type in Backdropcms Backdrop Cms<\/td>\n<\/tr>\n
Type<\/th>\ngithubexploit<\/td>\n<\/tr>\n
Published<\/th>\n2025-04-27T17:54:27<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-04-28T03:03:40<\/td>\n<\/tr>\n
CVSS Score<\/th>\n8.8 (HIGH)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nLOW<\/td>\n<\/tr>\n
Privileges Required<\/th>\nLOW<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nUNCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Availability Impact<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2022-42902, CVE-2023-46818, CVE-2022-42092<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\nexploit<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n # CVE-2022-42092 Python Exploit<\/p>\n

## \ud83d\udd25 Description
\nThis Python exploit script targets an unrestricted file upload in Backdrop CMS to achieve a Remote Code Execution (RCE).<\/p>\n

## \u26a0\ufe0f Affected Versions
\nVersion 1.22.0 and prior version
\nNote: Backdrop CMS disputes this and argues that advanced permissions are required, which is why it might still exist in versions above 1.22.0. I\u2019m guessing they mean you would need to have admin access first. Still, it\u2019s a valid vulnerability, and it can definitely be exploited to gain full system control.<\/p>\n

## \u2699\ufe0f Usage
\n“`shell
\npython3 CVE-2022-42902.py \n“`
\nImportant: Start your listener before running the script:
\n“`shell
\nnc -lvnp \n“`<\/p>\n

## \ud83d\udcbb Sample Run
\n![image](https:\/\/github.com\/user-attachments\/assets\/62f02ffc-3de5-4b72-b274-9575e3b4780f)<\/p>\n

## \u2139\ufe0f Reference
\n– [CVE-2022-42092 Detail](https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-42092)<\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n8.8<\/td>\n<\/tr>\n
Severity<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n