Unauthenticated OS Command Injection RCE in Control Web Panel Filemanager changePerm
CVE-2025-48703 is a critical OS command injection vulnerability in Control Web Panel (CWP, formerly CentOS Web Panel) affecting versions prior to 0.9.8.1205. The flaw is in the filemanager changePerm functionality, where the t_total parameter is insufficiently sanitized and shell metacharacters can be injected into a server-side command context. An unauthenticated remote attacker can send a crafted filemanager changePerm request and achieve command execution on the target system. Although exploitation is described as unauthenticated, the attacker must know or guess a valid non-root username associated with the panel.
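A request-side check for the flaw described above, as an added defensive example that is not code from CWP or from any of the repositories listed on this page: it flags changePerm requests whose t_total is anything other than a plain permission mode. The function names and sample requests are constructed for illustration, the endpoint query string is the one quoted in the exploit summaries on this page, and the rule that a legitimate t_total is a 3- or 4-digit octal mode is an assumption.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption (not stated on the page): a legitimate t_total is a 3- or 4-digit
# octal permission mode such as 644 or 0755.
OCTAL_MODE = re.compile(r"[0-7]{3,4}")

# Query string of the changePerm request as quoted in the exploit summaries.
CHANGE_PERM = {"module": ["filemanager"], "acc": ["changePerm"]}


def is_change_perm(target: str) -> bool:
    """Match on the query string only, so the check does not depend on the path."""
    query = parse_qs(urlsplit(target).query, separator="&")
    return all(query.get(key) == value for key, value in CHANGE_PERM.items())


def inspect_request(method: str, target: str, body: str) -> str:
    """Classify one HTTP request as 'ignore', 'allow' or 'block'."""
    if method.upper() != "POST" or not is_change_perm(target):
        return "ignore"
    # keep_blank_values: an empty t_total must be seen and rejected, not dropped.
    form = parse_qs(body, keep_blank_values=True, separator="&")
    values = form.get("t_total", [])
    # Exactly one value that matches the allow-list in full. fullmatch() also
    # rejects a trailing newline, which match() with a "$" anchor would accept.
    # Duplicates are blocked: filter and panel may not read the same copy.
    if len(values) == 1 and OCTAL_MODE.fullmatch(values[0]):
        return "allow"
    return "block"


# Constructed sample requests (method, target, url-encoded body); not captured traffic.
ENDPOINT = "/admin/index.php?module=filemanager&acc=changePerm"
SAMPLES = [
    ("POST", ENDPOINT, "t_total=644"),
    ("POST", ENDPOINT, "t_total=755%3Bid"),
    ("POST", ENDPOINT, "t_total=644%0A"),
    ("POST", ENDPOINT, "t_total=644&t_total=755%3Bid"),
    ("GET", "/admin/index.php?module=filemanager", ""),
]


def classify_samples() -> list:
    return [inspect_request(*sample) for sample in SAMPLES]


if __name__ == "__main__":
    print(classify_samples())
```

The same allow-list works as a reverse-proxy rule or as a hunt over captured request bodies; a "block" verdict on a host that has not yet been updated to 0.9.8.1205 is worth investigating.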
Exploits
4 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos.
This repository provides a proof-of-concept (PoC) exploit for CVE-2025-48703, a remote code execution (RCE) vulnerability in the 'filemanager' module of cPanel (or similar web hosting panels). The vulnerability is due to unsanitized input in the 'acc=changePerm' function, allowing attackers to inject and execute arbitrary system commands via the 't_total' parameter in a POST request to the admin interface (typically on port 2083 over HTTPS). The repository contains three files:
- 'CVE-2025-48703/Exploit.py': The main exploit script, written in Python, which reads a list of target IPs from 'target.txt' and attempts to exploit each by sending a crafted POST request. If the response contains 'uid=', it confirms successful command execution.
- 'CVE-2025-48703/target.txt': An (empty) file intended to contain a list of target IP addresses, one per line.
- 'README.md': Documentation describing the vulnerability, its impact, usage instructions, and a curl-based PoC for manual exploitation (including a reverse shell example).
The exploit requires minimal authentication (default user 'admin') and targets the web admin interface. The payload is customizable, allowing for arbitrary command execution, including reverse shells. The attack vector is network-based, exploiting a web application endpoint. No hardcoded IPs or domains are present; targets are supplied by the user via 'target.txt'.
This repository provides a proof-of-concept (PoC) exploit for CVE-2025-48703, a remote code execution (RCE) vulnerability in the filemanager module of cPanel (or similar web hosting panels). The vulnerability is due to unsanitized input in the 'acc=changePerm' function, allowing attackers to inject system commands via the 't_total' parameter. The main exploit script (Exploit.py) is a Python tool that reads a list of target IPs from 'target.txt' and attempts to exploit each by sending a crafted POST request to the vulnerable endpoint on port 2083, using the 'admin' user by default. Successful exploitation is detected by the presence of 'uid=' in the response, indicating command execution. The README provides additional context, including a curl-based reverse shell payload and usage instructions. The repository is structured with a single exploit script, a (blank) target list, and documentation. No framework is used; the exploit is a standalone PoC.
This repository provides a proof-of-concept (PoC) exploit for CVE-2025-48703, a critical unauthenticated remote code execution (RCE) vulnerability in CentOS Web Panel (CWP) versions 0.9.8.1204 and earlier. The exploit is implemented in Python (in 'PoC.txt') and works by sending a POST request to the vulnerable '/admin/index.php?module=filemanager&acc=changePerm' endpoint, injecting a system command ('id') via the 't_total' parameter. If the command executes successfully, the script detects this by searching for 'uid=' in the response, indicating RCE. The script can scan multiple targets listed in a 'targets.txt' file and requires a known valid (non-root) CWP username. The README provides context about the vulnerability, affected versions, and instructions for gathering targets using Shodan. The repository is structured with a single exploit script and a README, and does not include weaponized or framework-based code.
This repository provides a proof-of-concept (PoC) exploit and scanner for CVE-2025-48703, a remote code execution (RCE) vulnerability in the filemanager module of cPanel or CentOS Web Panel. The vulnerability is due to unsanitized input in the 'acc=changePerm' function, allowing attackers to inject system commands via the 't_total' parameter. The repository contains three files: a README.md with detailed vulnerability and exploitation instructions, a Python script (Scanner.py) that automates scanning and exploitation attempts against a list of targets, and an empty targets.txt file intended for user-supplied target IPs or hostnames. The exploit can be used to execute arbitrary commands (such as 'id') or spawn a reverse shell on the target server. The scanner script disables SSL verification, reads targets from a file, and attempts to exploit each by sending a POST request to the vulnerable endpoint. The attack vector is network-based, targeting the web management interface over HTTPS. No hardcoded IPs or credentials are present; the user must supply a valid username and targets. The repository is a functional PoC, not weaponized, and is suitable for security testing and vulnerability verification.
Recent activity
55 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A CentOS Web Panel command injection vulnerability used by the PCPJack worm for initial access.
A shell injection vulnerability in CentOS Web Panel Filemanager changePerm functionality that PCPJack exploits as part of its worm-like propagation.
A specific known vulnerability that PCPJack reportedly exploits for propagation to additional hosts.
A remote code execution vulnerability affecting CWP Control Web Panel.