Advertisement






PGR-Filemanager | Arbitrary File Upload

CVE Category Price Severity
CVE-2019-6690 CWE-434 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2021-08-06
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021080024

Below is a copy:

PGR-Filemanager | Arbitrary File Upload
Exploit Title : PGR-Filemanager | Arbitrary File Upload
# Vendor Homepage : N/A
# Discovered By : KimiHmei7
# Author Homepage : HTTPS://TEGALSEC.ORG

# Google Dork : inurl:/plugins/pgrfilemanager/

# Step by Step
1. Dorking on google for find site
2. Add this exploit /PGRFileManager.php . 
example: ~ https://site.com/public/js/ckeditor/plugins/pgrfilemanager/PGRFileManager.php
If you see File Uploader mean that site is vulnerable. 
3. Upload shell with extension .txt
example : ~ shell.txt
4. Then rename into php extension.
5. You can find your shell in directory /public/upload/[folder]/shell.php
example : https://site.com/public/upload/[folder]/shell.php

# Demo?
No demo. Find vulnerable sites with your brain! 
Greetz :  Family Attack Cyber - Tegal1337

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.