diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 494c9651ac0c..b6e39a03b25e 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -80774,6 +80774,68 @@ "session_types": false, "needs_cleanup": null }, + "exploit_linux/http/projectsend_unauth_rce": { + "name": "ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution", + "fullname": "exploit/linux/http/projectsend_unauth_rce", + "aliases": [ + + ], + "rank": 600, + "disclosure_date": "2024-07-19", + "type": "exploit", + "author": [ + "Florent Sicchio", + "Hugo Clout", + "ostrichgolf" + ], + "description": "This module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605.\n The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration,\n disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server.", + "references": [ + "URL-https://github.com/projectsend/projectsend/commit/193367d937b1a59ed5b68dd4e60bd53317473744", + "URL-https://www.synacktiv.com/sites/default/files/2024-07/synacktiv-projectsend-multiple-vulnerabilities.pdf" + ], + "platform": "", + "arch": "", + "rport": 80, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": [ + "PHP Command" + ], + "mod_time": "2024-08-30 20:22:52 +0000", + "path": "/modules/exploits/linux/http/projectsend_unauth_rce.rb", + "is_install_path": true, + "ref_name": "linux/http/projectsend_unauth_rce", + "check": true, + "post_auth": false, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "Reliability": [ + "repeatable-session" + ], + "SideEffects": [ + "artifacts-on-disk", + "ioc-in-logs" + ] + }, + "session_types": false, + "needs_cleanup": null + }, "exploit_linux/http/pulse_secure_cmd_exec": { "name": "Pulse Secure VPN Arbitrary Command Execution", "fullname": "exploit/linux/http/pulse_secure_cmd_exec",