@@ -122311,6 +122311,67 @@
122311122311 "session_types": false,
122312122312 "needs_cleanup": null
122313122313 },
122314+ "exploit_unix/webapp/nextcloud_workflows_rce": {
122315+ "name": "Nextcloud Workflows Remote Code Execution",
122316+ "fullname": "exploit/unix/webapp/nextcloud_workflows_rce",
122317+ "aliases": [],
122318+ "rank": 600,
122319+ "disclosure_date": "2023-03-30",
122320+ "type": "exploit",
122321+ "author": [
122322+ "Enis Maholli",
122323+ "arianitisufi",
122324+ "Armend Gashi",
122325+ "whotwagner"
122326+ ],
122327+ "description": "This module adds workflows as an authenticated user\n which can only be created by administrators by design.\n If the app \"Nextcloud Workflow Script\" is installed it\n is possible to generate a workflow that executes commands.",
122328+ "references": [
122329+ "URL-https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj",
122330+ "CVE-2023-26482"
122331+ ],
122332+ "platform": "Linux,Unix",
122333+ "arch": "",
122334+ "rport": 80,
122335+ "autofilter_ports": [
122336+ 80,
122337+ 8080,
122338+ 443,
122339+ 8000,
122340+ 8888,
122341+ 8880,
122342+ 8008,
122343+ 3000,
122344+ 8443
122345+ ],
122346+ "autofilter_services": [
122347+ "http",
122348+ "https"
122349+ ],
122350+ "targets": [
122351+ "nix Command"
122352+ ],
122353+ "mod_time": "2025-05-15 09:16:26 +0000",
122354+ "path": "/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb",
122355+ "is_install_path": true,
122356+ "ref_name": "unix/webapp/nextcloud_workflows_rce",
122357+ "check": true,
122358+ "post_auth": true,
122359+ "default_credential": false,
122360+ "notes": {
122361+ "Stability": [
122362+ "crash-safe"
122363+ ],
122364+ "Reliability": [
122365+ "repeatable-session"
122366+ ],
122367+ "SideEffects": [
122368+ "artifacts-on-disk",
122369+ "ioc-in-logs"
122370+ ]
122371+ },
122372+ "session_types": false,
122373+ "needs_cleanup": null
122374+ },
122314122375 "exploit_unix/webapp/open_flash_chart_upload_exec": {
122315122376 "name": "Open Flash Chart v2 Arbitrary File Upload",
122316122377 "fullname": "exploit/unix/webapp/open_flash_chart_upload_exec",