automatic module_metadata_base.json update

rapid7 · May 21, 2024 · 0cd62c5 · 0cd62c5
1 parent 10acd86
commit 0cd62c5
Showing 1 changed file with 64 additions and 0 deletions.
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -98354,6 +98354,70 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_multi/http/avideo_wwbnindex_unauth_rce": {
+    "name": "AVideo WWBNIndex Plugin Unauthenticated RCE",
+    "fullname": "exploit/multi/http/avideo_wwbnindex_unauth_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2024-04-09",
+    "type": "exploit",
+    "author": [
+      "Valentin Lobstein"
+    ],
+    "description": "This module exploits an unauthenticated remote code execution (RCE) vulnerability\n          in the WWBNIndex plugin of the AVideo platform. The vulnerability exists within the\n          `submitIndex.php` file, where user-supplied input is passed directly to the `require()`\n          function without proper sanitization. By exploiting this, an attacker can leverage the\n          PHP filter chaining technique to execute arbitrary PHP code on the server. This allows\n          for the execution of commands and control over the affected system. The exploit is\n          particularly dangerous because it does not require authentication, making it possible\n          for any remote attacker to exploit this vulnerability.",
+    "references": [
+      "CVE-2024-31819",
+      "URL-https://github.com/WWBN/AVideo",
+      "URL-https://chocapikk.com/posts/2024/cve-2024-31819"
+    ],
+    "platform": "Linux,PHP,Unix,Windows",
+    "arch": "php, cmd",
+    "rport": 443,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Automatic",
+      "PHP In-Memory",
+      "Unix In-Memory",
+      "Windows In-Memory"
+    ],
+    "mod_time": "2024-05-15 22:13:53 +0000",
+    "path": "/modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/avideo_wwbnindex_unauth_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs",
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_multi/http/axis2_deployer": {
     "name": "Axis2 / SAP BusinessObjects Authenticated Code Execution (via SOAP)",
     "fullname": "exploit/multi/http/axis2_deployer",