CVE-2023-6654 PoC — PHPEMS Session Data session.cls.php deserialization

Source

https://github.com/qfmy1024/CVE-2023-6654

Associated Vulnerability

Title:PHPEMS Session Data session.cls.php deserialization (CVE-2023-6654)
Description:A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.

Description

CVE-2023-6654 EXP

Readme

# CVE-2023-6654

PHPEMS Cookie反序列化漏洞，利用此漏洞可以通过反序列化修改SQL语句，通过SQL注入修改任意存在用户的密码或权限，默认管理员账号为peadmin

## Fofa指纹

# app="PHPEMS"

## 工具利用

`python exp.py -u http://127.0.0.1:1111`

`-u 参数指定PHPEMS的URL地址`

`-a 参数指定用户名，默认为PHPEMS默认管理员账号peadmin`

`-p 参数指定要修改的密码，默认为123456`

`-o 参数指定选项，0选项修改指定账号的密码，1选项修改指定账号的权限为管理员，默认修改指定账号的密码，不过还是推荐1选项`

exp：
![](exp.png)

## 免责声明

由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，作者不为此承担任何责任。

File Snapshot


 [4.0K]  /data/pocs/eb94430a141f9781e55206c8d659594f4c6545ca
├── [145K]  exp.png
├── [3.6K]  exp.py
├── [ 839]  README.md
└── [  32]  requirements.txt

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!