automatic module_metadata_base.json update

rapid7 · Nov 21, 2024 · d75ed35 · d75ed35
1 parent d95d549
commit d75ed35
Showing 1 changed file with 62 additions and 0 deletions.
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -80774,6 +80774,68 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/projectsend_unauth_rce": {
+    "name": "ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution",
+    "fullname": "exploit/linux/http/projectsend_unauth_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2024-07-19",
+    "type": "exploit",
+    "author": [
+      "Florent Sicchio",
+      "Hugo Clout",
+      "ostrichgolf"
+    ],
+    "description": "This module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605.\n          The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration,\n          disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server.",
+    "references": [
+      "URL-https://github.com/projectsend/projectsend/commit/193367d937b1a59ed5b68dd4e60bd53317473744",
+      "URL-https://www.synacktiv.com/sites/default/files/2024-07/synacktiv-projectsend-multiple-vulnerabilities.pdf"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "PHP Command"
+    ],
+    "mod_time": "2024-08-30 20:22:52 +0000",
+    "path": "/modules/exploits/linux/http/projectsend_unauth_rce.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/projectsend_unauth_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/pulse_secure_cmd_exec": {
     "name": "Pulse Secure VPN Arbitrary Command Execution",
     "fullname": "exploit/linux/http/pulse_secure_cmd_exec",