-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add RCE module for CVE-2022-35914 php code injection #17162
Conversation
Thanks for your pull request! Before this can be merged, we need the following documentation for your module: |
Co-authored-by: Brendan <bwatters@rapid7.com>
Release NotesThis PR adds a module for CVE-2022-35914, a php command injection vulnerability in GLPI versions up to and including 10.0.2. |
Thanks for the great PR @bwatters-r7! The installation instructions were straight forward and to the point. Was able to get a vulnerable instance installed with out issues. Everything seems logically and grammatically correct in everything from docs to exploit and check methods 👌
|
This PR adds a module for CVE-2022-35914, a php command injection vulnerability in GLPI versions up to and including 10.0.2.
Verification
List the steps needed to make sure this thing works
msfconsole
use exploit/linux/http/glpi_htmlawed_php_injection
set upripath <uripath>
set rhost <rhost>
set lhost <lhost>