|
98758 | 98758 | "session_types": false, |
98759 | 98759 | "needs_cleanup": null |
98760 | 98760 | }, |
| 98761 | + "exploit_multi/http/invision_customcss_rce": { |
| 98762 | + "name": "Invision Community 5.0.6 customCss RCE", |
| 98763 | + "fullname": "exploit/multi/http/invision_customcss_rce", |
| 98764 | + "aliases": [], |
| 98765 | + "rank": 600, |
| 98766 | + "disclosure_date": "2025-05-16", |
| 98767 | + "type": "exploit", |
| 98768 | + "author": [ |
| 98769 | + "Egidio Romano (EgiX)", |
| 98770 | + "Valentin Lobstein" |
| 98771 | + ], |
| 98772 | + "description": "Invision Community up to and including version 5.0.6 contains a remote code\n execution vulnerability in the theme editor's customCss endpoint. By crafting\n a specially formatted `content` parameter with a `{expression=\"…\"}`\n construct, arbitrary PHP can be evaluated. This module leverages that flaw\n to execute payloads or system commands as the webserver user.", |
| 98773 | + "references": [ |
| 98774 | + "CVE-2025-47916", |
| 98775 | + "URL-https://karmainsecurity.com/KIS-2025-02", |
| 98776 | + "URL-https://invisioncommunity.com" |
| 98777 | + ], |
| 98778 | + "platform": "Linux,PHP,Unix,Windows", |
| 98779 | + "arch": "php, cmd", |
| 98780 | + "rport": 80, |
| 98781 | + "autofilter_ports": [ |
| 98782 | + 80, |
| 98783 | + 8080, |
| 98784 | + 443, |
| 98785 | + 8000, |
| 98786 | + 8888, |
| 98787 | + 8880, |
| 98788 | + 8008, |
| 98789 | + 3000, |
| 98790 | + 8443 |
| 98791 | + ], |
| 98792 | + "autofilter_services": [ |
| 98793 | + "http", |
| 98794 | + "https" |
| 98795 | + ], |
| 98796 | + "targets": [ |
| 98797 | + "PHP In-Memory", |
| 98798 | + "Unix/Linux Command Shell", |
| 98799 | + "Windows Command Shell" |
| 98800 | + ], |
| 98801 | + "mod_time": "2025-05-21 08:39:52 +0000", |
| 98802 | + "path": "/modules/exploits/multi/http/invision_customcss_rce.rb", |
| 98803 | + "is_install_path": true, |
| 98804 | + "ref_name": "multi/http/invision_customcss_rce", |
| 98805 | + "check": true, |
| 98806 | + "post_auth": false, |
| 98807 | + "default_credential": false, |
| 98808 | + "notes": { |
| 98809 | + "Stability": [ |
| 98810 | + "crash-safe" |
| 98811 | + ], |
| 98812 | + "Reliability": [ |
| 98813 | + "repeatable-session" |
| 98814 | + ], |
| 98815 | + "SideEffects": [ |
| 98816 | + "ioc-in-logs" |
| 98817 | + ] |
| 98818 | + }, |
| 98819 | + "session_types": false, |
| 98820 | + "needs_cleanup": null |
| 98821 | + }, |
98761 | 98822 | "exploit_multi/http/ispconfig_php_exec": { |
98762 | 98823 | "name": "ISPConfig Authenticated Arbitrary PHP Code Execution", |
98763 | 98824 | "fullname": "exploit/multi/http/ispconfig_php_exec", |
|