Share
## https://sploitus.com/exploit?id=1A808CE9-B43C-50A7-A06E-75B3C5A7D5AC
# CVE-2022-26134
Implementation of CVE-2022-26134

This repository contains my implementation of the exploit for CVE-2022-26134. The version implemented here
bypasses the `isSafeExpression` checks in versions such as 7.18.0. 

The exploit can be run in two modes:

The first mode allows you to run one command at a time:

```bash
python3 cve-2022-26134.py <host> <command>
```

This would return the output of the command if it succeeds or display an empty line if not

The second mode to run this command is interactive mode:

```bash
python3 cve-2022-26134.py <host> -i
```

This launches a non persistent interactive shell, where you can type commands, which get executed on the 
server and then display the results. No state is held between commands. 

![](assets/cve-2022-26134.gif)