Vulnerable CKEditor used on version 4.2.9 in admidio/admidio
Jun 28th 2023
When attaching image on mail feature, the upload using ckeditor vulnerable version that lead to RCE.
Proof of Concept
- Go to messages,
- Write email
- add image
- Upload the php file.
- access the uploaded php file in /adm_my_files/mail/images/
Content-Disposition: form-data; name="upload"; filename="aaa.test.php" Content-Type: image/jpeg
<?php phpinfo(); ?>
Remote code execution