-
Notifications
You must be signed in to change notification settings - Fork 14.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
automatic module_metadata_base.json update
- Loading branch information
jenkins-metasploit
committed
Jan 9, 2025
1 parent
5cfaf48
commit ed292a9
Showing
1 changed file
with
63 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -80660,6 +80660,69 @@ | |
| "session_types": false, | ||
| "needs_cleanup": true | ||
| }, | ||
| "exploit_linux/http/pandora_fms_auth_rce_cve_2024_11320": { | ||
| "name": "Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password", | ||
| "fullname": "exploit/linux/http/pandora_fms_auth_rce_cve_2024_11320", | ||
| "aliases": [ | ||
|
|
||
| ], | ||
| "rank": 600, | ||
| "disclosure_date": "2024-11-21", | ||
| "type": "exploit", | ||
| "author": [ | ||
| "h00die-gr3y <[email protected]>", | ||
| "Askar mhaskar" | ||
| ], | ||
| "description": "Pandora FMS is a monitoring solution that provides full observability for your organization's\n technology. This module exploits an command injection vulnerability in the LDAP authentication\n mechanism of Pandora FMS.\n You need have admin access at the Pandora FMS Web application in order to execute this RCE.\n This access can be achieved leveraging a default password vulnerability in Pandora FMS that\n allows an attacker to access the Pandora FMS MySQL database, create a new admin user and gain\n administrative access to the Pandora FMS Web application. This attack can be remotely executed\n over the WAN as long as the MySQL services are exposed to the outside world.\n This issue affects Community, Free and Enterprise editions: from v7.0NG.718 through <= v7.0NG.777.4", | ||
| "references": [ | ||
| "CVE-2024-11320", | ||
| "URL-https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", | ||
| "URL-https://attackerkb.com/topics/CsDUaLijbT/cve-2024-11320" | ||
| ], | ||
| "platform": "Linux,PHP,Unix", | ||
| "arch": "cmd, php", | ||
| "rport": 443, | ||
| "autofilter_ports": [ | ||
| 80, | ||
| 8080, | ||
| 443, | ||
| 8000, | ||
| 8888, | ||
| 8880, | ||
| 8008, | ||
| 3000, | ||
| 8443 | ||
| ], | ||
| "autofilter_services": [ | ||
| "http", | ||
| "https" | ||
| ], | ||
| "targets": [ | ||
| "PHP Command", | ||
| "Unix/Linux Command" | ||
| ], | ||
| "mod_time": "2024-12-23 19:45:29 +0000", | ||
| "path": "/modules/exploits/linux/http/pandora_fms_auth_rce_cve_2024_11320.rb", | ||
| "is_install_path": true, | ||
| "ref_name": "linux/http/pandora_fms_auth_rce_cve_2024_11320", | ||
| "check": true, | ||
| "post_auth": true, | ||
| "default_credential": false, | ||
| "notes": { | ||
| "Stability": [ | ||
| "crash-safe" | ||
| ], | ||
| "SideEffects": [ | ||
| "artifacts-on-disk", | ||
| "ioc-in-logs" | ||
| ], | ||
| "Reliability": [ | ||
| "repeatable-session" | ||
| ] | ||
| }, | ||
| "session_types": false, | ||
| "needs_cleanup": null | ||
| }, | ||
| "exploit_linux/http/pandora_fms_events_exec": { | ||
| "name": "Pandora FMS Events Remote Command Execution", | ||
| "fullname": "exploit/linux/http/pandora_fms_events_exec", | ||
|
|
||