Share
## https://sploitus.com/exploit?id=8142EEF8-7DE0-53E9-80F1-A343A33B4A99
# GravCMS 1.10.7 - Unauthenticated Remote Code Execution (RCE)
[](https://vulners.com/cve/CVE-2022-2073)
[](https://www.python.org/)
[](LICENSE)
> *"A child lost in the dark. A server waiting to fall. No words. No mercy. Just exploitation."* โ Playdead Style
## ๐ Overview
This exploit targets **GravCMS 1.10.7** which contains an unauthenticated arbitrary YAML write vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the scheduler functionality, allowing attackers to inject malicious cron jobs without authentication.
### Vulnerability Details
| Field | Value |
|-------|-------|
| **CVE** | CVE-2022-2073 |
| **Affected Version** | GravCMS 1.10.7 and below |
| **Attack Vector** | HTTP POST to scheduler endpoint |
| **Authentication** | None required |
| **Impact** | Complete system compromise |
| **CVSS Score** | 9.8 (Critical) |
## ๐ฏ Features
- โ
**Unuthenticated exploitation** - No login required
- ๐ **Multiple shell types** - bash, nc, python, php
- ๐จ **Playdead-style interface** - Dark, minimalist aesthetic
- ๐ **Verbose mode** - Detailed debugging output
- ๐ **Pre-exploit validation** - Checks if target is vulnerable
- โก **Multiple payload templates** - Increases success rate
- ๐ก๏ธ **Silent mode** - OPSEC friendly option
## ๐ฆ Installation
```bash
# Clone the repository
git clone https://github.com/yourusername/grav-exploit.git
cd grav-exploit
# Make the script executable
chmod +x grav_exploit.py
# Install dependencies (if any)
pip3 install requests