
Commit 92c97b0

author
jenkins-metasploit
committed
automatic module_metadata_base.json update
1 parent 6f9982d commit 92c97b0


1 file changed

+66
-0
lines changed


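--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -117986,6 +117986,72 @@
 "session_types": false,
 "needs_cleanup": true
 },
+"exploit_multi/http/wso2_api_manager_file_upload_rce": {
+"name": "WSO2 API Manager Documentation File Upload Remote Code Execution",
+"fullname": "exploit/multi/http/wso2_api_manager_file_upload_rce",
+"aliases": [
+
+],
+"rank": 600,
+"disclosure_date": "2024-05-31",
+"type": "exploit",
+"author": [
+"Siebene@ <@Siebene7>",
+"Heyder Andrade <@HeyderAndrade>",
+"Redway Security <redwaysecurity.com>"
+],
+"description": "A vulnerability in the 'Add API Documentation' feature allows malicious users with specific permissions\n (`/permission/admin/login` and `/permission/admin/manage/api/publish`) to upload arbitrary files to a user-controlled\n server location. This flaw could be exploited to execute remote code, enabling an attacker to gain control over the server.",
+"references": [
+"URL-https://github.com/redwaysecurity/CVEs/tree/main/WSO2-2023-2988",
+"URL-https://blog.redwaysecurity.com/2024/11/wso2-4.2.0-remote-code-execution.html",
+"URL-https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2023-2988/"
+],
+"platform": "Linux,Windows",
+"arch": "java",
+"rport": 9443,
+"autofilter_ports": [
+80,
+8080,
+443,
+8000,
+8888,
+8880,
+8008,
+3000,
+8443
+],
+"autofilter_services": [
+"http",
+"https"
+],
+"targets": [
+"Automatic",
+"WSO2 API Manager (3.1.0 - 4.0.0)",
+"WSO2 API Manager (4.1.0)",
+"WSO2 API Manager (4.2.0)"
+],
+"mod_time": "2024-12-11 11:58:53 +0000",
+"path": "/modules/exploits/multi/http/wso2_api_manager_file_upload_rce.rb",
+"is_install_path": true,
+"ref_name": "multi/http/wso2_api_manager_file_upload_rce",
+"check": true,
+"post_auth": true,
+"default_credential": false,
+"notes": {
+"Stability": [
+"crash-safe"
+],
+"SideEffects": [
+"ioc-in-logs",
+"artifacts-on-disk"
+],
+"Reliability": [
+"repeatable-session"
+]
+},
+"session_types": false,
+"needs_cleanup": true
+},
 "exploit_multi/http/wso2_file_upload_rce": {
 "name": "WSO2 Arbitrary File Upload to RCE",
 "fullname": "exploit/multi/http/wso2_file_upload_rce",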
