Skip to content

Commit 468b102

Browse files
author
jenkins-metasploit
committed
automatic module_metadata_base.json update
1 parent 13b3e20 commit 468b102

File tree

1 file changed

+60
-0
lines changed

1 file changed

+60
-0
lines changed

db/modules_metadata_base.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -130777,6 +130777,66 @@
130777130777
"session_types": false,
130778130778
"needs_cleanup": null
130779130779
},
130780+
"exploit_unix/http/freepbx_unauth_sqli_to_rce": {
130781+
"name": "FreePBX ajax.php unuthenticated SQLi to RCE",
130782+
"fullname": "exploit/unix/http/freepbx_unauth_sqli_to_rce",
130783+
"aliases": [],
130784+
"rank": 600,
130785+
"disclosure_date": "2025-08-28",
130786+
"type": "exploit",
130787+
"author": [
130788+
"Echo_Slow",
130789+
"Piotr Bazydlo",
130790+
"Sonny"
130791+
],
130792+
"description": "This module exploits an unauthenticated SQL injection flaw in FreePBX prior to versions 15.0.66, 16.0.89,\n and 17.0.3. The vulnerability lies in the /admin/ajax.php endpoint, which is accessible without\n authentication. Additionally, the database user created by FreePBX can schedule cronjobs, allowing\n remote code execution on the target system.",
130793+
"references": [
130794+
"CVE-2025-57819",
130795+
"URL-https://labs.watchtowr.com/you-already-have-our-personal-data-take-our-phone-calls-too-freepbx-cve-2025-57819/"
130796+
],
130797+
"platform": "Linux",
130798+
"arch": "cmd",
130799+
"rport": 80,
130800+
"autofilter_ports": [
130801+
80,
130802+
8080,
130803+
443,
130804+
8000,
130805+
8888,
130806+
8880,
130807+
8008,
130808+
3000,
130809+
8443
130810+
],
130811+
"autofilter_services": [
130812+
"http",
130813+
"https"
130814+
],
130815+
"targets": [
130816+
"Unix Command"
130817+
],
130818+
"mod_time": "2025-09-22 17:34:00 +0000",
130819+
"path": "/modules/exploits/unix/http/freepbx_unauth_sqli_to_rce.rb",
130820+
"is_install_path": true,
130821+
"ref_name": "unix/http/freepbx_unauth_sqli_to_rce",
130822+
"check": true,
130823+
"post_auth": false,
130824+
"default_credential": false,
130825+
"notes": {
130826+
"Stability": [
130827+
"crash-safe"
130828+
],
130829+
"Reliability": [
130830+
"repeatable-session"
130831+
],
130832+
"SideEffects": [
130833+
"artifacts-on-disk",
130834+
"ioc-in-logs"
130835+
]
130836+
},
130837+
"session_types": false,
130838+
"needs_cleanup": null
130839+
},
130780130840
"exploit_unix/http/laravel_token_unserialize_exec": {
130781130841
"name": "PHP Laravel Framework token Unserialize Remote Command Execution",
130782130842
"fullname": "exploit/unix/http/laravel_token_unserialize_exec",

0 commit comments

Comments
 (0)