automatic module_metadata_base.json update
This commit is contained in:
parent
6cf136ec3a
commit
253290d9c4
|
@ -110732,6 +110732,68 @@
|
|||
"session_types": false,
|
||||
"needs_cleanup": true
|
||||
},
|
||||
"exploit_unix/http/raspap_rce": {
|
||||
"name": "RaspAP Unauthenticated Command Injection",
|
||||
"fullname": "exploit/unix/http/raspap_rce",
|
||||
"aliases": [
|
||||
|
||||
],
|
||||
"rank": 600,
|
||||
"disclosure_date": "2023-07-31",
|
||||
"type": "exploit",
|
||||
"author": [
|
||||
"Ege BALCI <egebalci@pm.me>",
|
||||
"Ismael0x00"
|
||||
],
|
||||
"description": "RaspAP is feature-rich wireless router software that just works\n on many popular Debian-based devices, including the Raspberry Pi.\n A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows\n unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id\n parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.\n\n Successfully tested against RaspAP 2.8.0 and 2.8.7.",
|
||||
"references": [
|
||||
"CVE-2022-39986",
|
||||
"URL-https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2",
|
||||
"URL-https://github.com/advisories/GHSA-7c28-wg7r-pg6f"
|
||||
],
|
||||
"platform": "Linux,Unix",
|
||||
"arch": "cmd, x86, x64",
|
||||
"rport": 80,
|
||||
"autofilter_ports": [
|
||||
80,
|
||||
8080,
|
||||
443,
|
||||
8000,
|
||||
8888,
|
||||
8880,
|
||||
8008,
|
||||
3000,
|
||||
8443
|
||||
],
|
||||
"autofilter_services": [
|
||||
"http",
|
||||
"https"
|
||||
],
|
||||
"targets": [
|
||||
"Unix Command",
|
||||
"Linux Dropper"
|
||||
],
|
||||
"mod_time": "2023-08-10 10:10:02 +0000",
|
||||
"path": "/modules/exploits/unix/http/raspap_rce.rb",
|
||||
"is_install_path": true,
|
||||
"ref_name": "unix/http/raspap_rce",
|
||||
"check": true,
|
||||
"post_auth": false,
|
||||
"default_credential": false,
|
||||
"notes": {
|
||||
"Stability": [
|
||||
"crash-safe"
|
||||
],
|
||||
"Reliability": [
|
||||
"repeatable-session"
|
||||
],
|
||||
"SideEffects": [
|
||||
|
||||
]
|
||||
},
|
||||
"session_types": false,
|
||||
"needs_cleanup": null
|
||||
},
|
||||
"exploit_unix/http/schneider_electric_net55xx_encoder": {
|
||||
"name": "Schneider Electric Pelco Endura NET55XX Encoder",
|
||||
"fullname": "exploit/unix/http/schneider_electric_net55xx_encoder",
|
||||
|
|
Loading…
Reference in New Issue