Share
## https://sploitus.com/exploit?id=06A9A245-C974-5789-947A-04B8DE25186A
# SweetRice CMS 1.5.1 โ€“ Authenticated Remote Code Execution (RCE)

This repository contains a **proof-of-concept (PoC)** exploit for an  
**Authenticated Remote Code Execution vulnerability** in **SweetRice CMS version 1.5.1**.

The vulnerability allows an authenticated user to upload a malicious ZIP file,
which is automatically extracted and leads to **arbitrary PHP code execution**.

> โš ๏ธ **For educational and authorized security testing only**

---

## ๐Ÿ“Œ Affected Version

- **SweetRice CMS v1.5.1**

---

## โš™๏ธ Vulnerability Summary

- **Type:** Authenticated File Upload โ†’ Remote Code Execution
- **Attack Vector:** ZIP file upload via Media Center
- **Authentication:** Required
- **Impact:** Full remote command execution (reverse shell)

---

## ๐Ÿง  Exploit Flow

1. Authenticate to SweetRice CMS using valid credentials
2. Upload a malicious ZIP file containing a PHP payload
3. ZIP file is automatically extracted by the CMS
4. Uploaded PHP file is accessed
5. Reverse shell is triggered back to the attacker

---

## ๐Ÿ›  Requirements

- Python 3
- `requests`
- `termcolor`
- Netcat listener on attacker machine

Install dependencies:
```bash
pip3 install requests termcolor