Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-32199 PoC — ScriptCase 路径遍历漏洞

Source
https://github.com/Toxich4/CVE-2022-32199
Associated Vulnerability
Title:ScriptCase 路径遍历漏洞 (CVE-2022-32199)
Description:db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter.
Readme
# CVE-2022-32199
ScriptCase <= 9.9.008 is vulnerable to
Arbitrary File Deletion by an admin
via a directory traversal sequence in the file parameter

How to use:
> python CVE-2022-32199.py -t 127.0.0.1 -u admin -p admin -path windows/win.ini



Example of deleting file in the root directory

![Image alt](https://github.com/Toxich4/CVE-2022-32199/blob/main/src/PoC.gif)
File Snapshot

 [4.0K]  /data/pocs/ec0061df494ffaf375b86010068951bb5d5162f5
├── [3.2K]  CVE-2022-32199.py
├── [ 371]  README.md
└── [4.0K]  src
    ├── [ 50K]  1.png
    ├── [584K]  2.mp4
    ├── [184K]  PoC.gif
    └── [  50]  Readme.md

1 directory, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →