automatic module_metadata_base.json update
This commit is contained in:
parent
efdc7f062e
commit
eeaf795edd
|
@ -94003,6 +94003,55 @@
|
|||
},
|
||||
"needs_cleanup": true
|
||||
},
|
||||
"exploit_unix/webapp/openmediavault_rpc_rce": {
|
||||
"name": "OpenMediaVault rpc.php Authenticated PHP Code Injection",
|
||||
"fullname": "exploit/unix/webapp/openmediavault_rpc_rce",
|
||||
"aliases": [
|
||||
|
||||
],
|
||||
"rank": 600,
|
||||
"disclosure_date": "2020-09-28",
|
||||
"type": "exploit",
|
||||
"author": [
|
||||
"Anastasios Stasinopoulos"
|
||||
],
|
||||
"description": "This module exploits an authenticated PHP code injection\n vulnerability found in openmediavault versions before 4.1.36\n and 5.x versions before 5.5.12 inclusive in the \"sortfield\"\n POST parameter of the rpc.php page, because \"json_encode_safe()\"\n is not used in config/databasebackend.inc.\n Successful exploitation grants attackers the ability to execute\n arbitrary commands on the underlying operating system as root.",
|
||||
"references": [
|
||||
"CVE-2020-26124",
|
||||
"URL-https://www.openmediavault.org/?p=2797"
|
||||
],
|
||||
"platform": "Linux,Unix",
|
||||
"arch": "cmd, x86, x64",
|
||||
"rport": 80,
|
||||
"autofilter_ports": [
|
||||
80,
|
||||
8080,
|
||||
443,
|
||||
8000,
|
||||
8888,
|
||||
8880,
|
||||
8008,
|
||||
3000,
|
||||
8443
|
||||
],
|
||||
"autofilter_services": [
|
||||
"http",
|
||||
"https"
|
||||
],
|
||||
"targets": [
|
||||
"Automatic (Linux Dropper)"
|
||||
],
|
||||
"mod_time": "2020-11-24 13:41:57 +0000",
|
||||
"path": "/modules/exploits/unix/webapp/openmediavault_rpc_rce.rb",
|
||||
"is_install_path": true,
|
||||
"ref_name": "unix/webapp/openmediavault_rpc_rce",
|
||||
"check": true,
|
||||
"post_auth": true,
|
||||
"default_credential": true,
|
||||
"notes": {
|
||||
},
|
||||
"needs_cleanup": null
|
||||
},
|
||||
"exploit_unix/webapp/opennetadmin_ping_cmd_injection": {
|
||||
"name": "OpenNetAdmin Ping Command Injection",
|
||||
"fullname": "exploit/unix/webapp/opennetadmin_ping_cmd_injection",
|
||||
|
|
Loading…
Reference in New Issue