automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit 67ff15edebf2 · 2025-10-09T18:59:02.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -78961,6 +78961,65 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/motioneye_auth_rce_cve_2025_60787": {
+    "name": "Remote Code Execution Vulnerability in MotionEye Frontend (CVE-2025-60787)",
+    "fullname": "exploit/linux/http/motioneye_auth_rce_cve_2025_60787",
+    "aliases": [],
+    "rank": 600,
+    "disclosure_date": "2025-09-09",
+    "type": "exploit",
+    "author": [
+      "Maksim Rogov",
+      "prabhatverma47"
+    ],
+    "description": "This module exploits a template injection vulnerability in the MotionEye Frontend.\n\n          MotionEye Frontend versions 0.43.1b4 and prior are vulnerable to OS Command Injection in configuration parameters such as image_file_name.\n          Unsanitized user input is written to MotionEye Frontend configuration files, allowing remote authenticated attackers with admin access to achieve code execution.\n\n          Successful exploitation will result in the command executing as the user running\n          the web server, potentially exposing sensitive data or disrupting survey operations.\n\n          An attacker can execute arbitrary system commands in the context of the user running the web server.",
+    "references": [
+      "CVE-2025-60787",
+      "URL-https://github.com/prabhatverma47/motionEye-RCE-through-config-parameter"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Unix Command"
+    ],
+    "mod_time": "2025-10-09 21:51:31 +0000",
+    "path": "/modules/exploits/linux/http/motioneye_auth_rce_cve_2025_60787.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/motioneye_auth_rce_cve_2025_60787",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "ioc-in-logs",
+        "artifacts-on-disk"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/multi_ncc_ping_exec": {
     "name": "D-Link/TRENDnet NCC Service Command Injection",
     "fullname": "exploit/linux/http/multi_ncc_ping_exec",
