Open
Description
https://github.com/yogeshojha/rengine
The rce vulnerability is caused by the code reading the value from the yaml file and splicing it directly into the os.system statement.
====================
If you try to reproduce the vulnerability, add the command you want to execute in the scan engine template in the background, then create a target and select the scan engine template for scanning. After a while, you will find that the command is successfully executed.



Metadata
Assignees
Labels
No labels
