phpFileManager 0.9.8 Remote Command Execution - Noah J Franklin



phpFileManager is a complete filesystem management tool in a single file. Features:


  • server info
  • directory tree
  • copy/move/delete/create/rename/edit/view/chmod files and folders
  • tar/zip/bzip/gzip
  • multiple uploads
  • shell/exec
  • works on linux/windows


phpFileManager is vulnerable to remote command execution: it will call operating system commands via GET requests from a victim's browser, triggered by getting the victim to click our malicious link or visit our malicious website.
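One way to spot this pattern in web server access logs, as an added example that is not part of the original post: flag GET requests to the file manager that carry a command parameter and arrive with a missing or off-site Referer. The script path hint, the parameter names, the host `files.example.test` and the log lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions for illustration: the path hint and the parameter names are
# placeholders, not taken from the advisory. Adjust them to your deployment.
SCRIPT_HINT = "phpfilemanager"
COMMAND_PARAMS = {"cmd", "exec", "command"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def suspicious(line, site_host):
    """Return a reason string when the line looks like a cross-site GET
    that carries a command to the file manager, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    url = urlsplit(m["target"])
    if SCRIPT_HINT not in url.path.lower():
        return None
    params = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
    hit = params & COMMAND_PARAMS
    if not hit:
        return None
    ref_host = urlsplit(m["referer"]).hostname
    if ref_host == site_host:
        return None  # navigation from the tool's own pages
    origin = ref_host or "no referer"
    return f"{m['ip']} GET with {sorted(hit)} from {origin}"

def scan(lines, site_host):
    return [r for r in (suspicious(l, site_host) for l in lines) if r]

# Constructed sample log lines (combined log format), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /phpFileManager/index.php?dir=/var/www HTTP/1.1" 200 512 "http://files.example.test/phpFileManager/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /phpFileManager/index.php?cmd=whoami HTTP/1.1" 200 512 "http://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /phpFileManager/index.php?cmd=dir HTTP/1.1" 200 512 "http://files.example.test/phpFileManager/index.php" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "POST /phpFileManager/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE, "files.example.test"):
        print(finding)
```

A Referer check is only a triage signal, since browsers and proxies may strip the header; same-site command requests (third sample line) are deliberately not flagged here.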

Exploit code(s):

Remote Command Execution:

1- call Windows cmd.exe


2- Run Windows calc.exe



Source from :