automatic module_metadata_base.json update

msjenkins-r7 · msjenkins-r7 · commit ebba72a51b76 · 2024-09-11T09:19:17.000-05:00
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -110745,6 +110745,71 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_multi/http/spip_connect_exec": {
+    "name": "SPIP connect Parameter PHP Injection",
+    "fullname": "exploit/multi/http/spip_connect_exec",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2012-07-04",
+    "type": "exploit",
+    "author": [
+      "Arnaud Pachot",
+      "Frederic Cikala",
+      "Davy Douhine",
+      "Valentin Lobstein"
+    ],
+    "description": "This module exploits a PHP code injection vulnerability in SPIP. The vulnerability exists\n          in the connect parameter, allowing an unauthenticated user to execute arbitrary commands\n          with web user privileges. Branches 2.0, 2.1, and 3 are affected. Vulnerable versions are\n          < 2.0.21, < 2.1.16, and < 3.0.3. This module is compatible with both Unix/Linux and Windows\n          platforms, and has been successfully tested on SPIP 2.0.11 and SPIP 2.0.20 on Apache running\n          on Ubuntu, Fedora, and Windows Server.",
+    "references": [
+      "OSVDB-83543",
+      "BID-54292",
+      "URL-http://contrib.spip.net/SPIP-3-0-3-2-1-16-et-2-0-21-a-l-etape-303-epate-la"
+    ],
+    "platform": "Linux,PHP,Unix,Windows",
+    "arch": "php, cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "PHP In-Memory",
+      "Unix/Linux Command Shell",
+      "Windows Command Shell"
+    ],
+    "mod_time": "2024-09-08 07:01:23 +0000",
+    "path": "/modules/exploits/multi/http/spip_connect_exec.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/spip_connect_exec",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_multi/http/spip_porte_plume_previsu_rce": {
     "name": "SPIP Unauthenticated RCE via porte_plume Plugin",
     "fullname": "exploit/multi/http/spip_porte_plume_previsu_rce",
@@ -110761,6 +110826,7 @@
     ],
     "description": "This module exploits a Remote Code Execution vulnerability in SPIP versions up to and including 4.2.12.\n          The vulnerability occurs in SPIP’s templating system where it incorrectly handles user-supplied input,\n          allowing an attacker to inject and execute arbitrary PHP code. This can be achieved by crafting a\n          payload manipulating the templating data processed by the `echappe_retour()` function, invoking\n          `traitements_previsu_php_modeles_eval()`, which contains an `eval()` call.",
     "references": [
+      "CVE-2024-7954",
       "URL-https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html",
       "URL-https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather"
     ],
@@ -110787,7 +110853,7 @@
       "Unix/Linux Command Shell",
       "Windows Command Shell"
     ],
-    "mod_time": "2024-08-20 19:41:05 +0000",
+    "mod_time": "2024-09-08 07:54:11 +0000",
     "path": "/modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb",
     "is_install_path": true,
     "ref_name": "multi/http/spip_porte_plume_previsu_rce",
@@ -110809,6 +110875,71 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_multi/http/spip_rce_form": {
+    "name": "SPIP form PHP Injection",
+    "fullname": "exploit/multi/http/spip_rce_form",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2023-02-27",
+    "type": "exploit",
+    "author": [
+      "coiffeur",
+      "Laluka",
+      "Julien Voisin",
+      "Valentin Lobstein"
+    ],
+    "description": "This module exploits a PHP code injection in SPIP. The vulnerability exists in the\n          oubli parameter and allows an unauthenticated user to execute arbitrary commands\n          with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions\n          are <3.2.18, <4.0.10, <4.1.18 and <4.2.1.",
+    "references": [
+      "URL-https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html",
+      "URL-https://therealcoiffeur.com/c11010",
+      "CVE-2023-27372"
+    ],
+    "platform": "Linux,PHP,Unix,Windows",
+    "arch": "php, cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "PHP In-Memory",
+      "Unix/Linux Command Shell",
+      "Windows Command Shell"
+    ],
+    "mod_time": "2024-09-08 07:01:23 +0000",
+    "path": "/modules/exploits/multi/http/spip_rce_form.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/spip_rce_form",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_multi/http/splunk_mappy_exec": {
     "name": "Splunk Search Remote Code Execution",
     "fullname": "exploit/multi/http/splunk_mappy_exec",
@@ -131006,122 +131137,6 @@
     "session_types": false,
     "needs_cleanup": null
   },
-  "exploit_unix/webapp/spip_connect_exec": {
-    "name": "SPIP connect Parameter PHP Injection",
-    "fullname": "exploit/unix/webapp/spip_connect_exec",
-    "aliases": [
-
-    ],
-    "rank": 600,
-    "disclosure_date": "2012-07-04",
-    "type": "exploit",
-    "author": [
-      "Arnaud Pachot",
-      "Frederic Cikala",
-      "Davy Douhine"
-    ],
-    "description": "This module exploits a PHP code injection in SPIP. The vulnerability exists in the\n        connect parameter and allows an unauthenticated user to execute arbitrary commands\n        with web user privileges. Branches 2.0, 2.1 and 3 are concerned. Vulnerable versions\n        are <2.0.21, <2.1.16 and < 3.0.3, but this module works only against branch 2.0 and\n        has been tested successfully with SPIP 2.0.11 and SPIP 2.0.20 with Apache on Ubuntu\n        and Fedora linux distributions.",
-    "references": [
-      "OSVDB-83543",
-      "BID-54292",
-      "URL-http://contrib.spip.net/SPIP-3-0-3-2-1-16-et-2-0-21-a-l-etape-303-epate-la"
-    ],
-    "platform": "PHP",
-    "arch": "php",
-    "rport": 80,
-    "autofilter_ports": [
-      80,
-      8080,
-      443,
-      8000,
-      8888,
-      8880,
-      8008,
-      3000,
-      8443
-    ],
-    "autofilter_services": [
-      "http",
-      "https"
-    ],
-    "targets": [
-      "Automatic"
-    ],
-    "mod_time": "2024-08-19 16:28:52 +0000",
-    "path": "/modules/exploits/unix/webapp/spip_connect_exec.rb",
-    "is_install_path": true,
-    "ref_name": "unix/webapp/spip_connect_exec",
-    "check": true,
-    "post_auth": false,
-    "default_credential": false,
-    "notes": {
-    },
-    "session_types": false,
-    "needs_cleanup": null
-  },
-  "exploit_unix/webapp/spip_rce_form": {
-    "name": "SPIP form PHP Injection",
-    "fullname": "exploit/unix/webapp/spip_rce_form",
-    "aliases": [
-
-    ],
-    "rank": 600,
-    "disclosure_date": "2023-02-27",
-    "type": "exploit",
-    "author": [
-      "coiffeur",
-      "Laluka",
-      "Julien Voisin"
-    ],
-    "description": "This module exploits a PHP code injection in SPIP. The vulnerability exists in the\n          oubli parameter and allows an unauthenticated user to execute arbitrary commands\n          with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions\n          are <3.2.18, <4.0.10, <4.1.18 and <4.2.1.",
-    "references": [
-      "URL-https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html",
-      "URL-https://therealcoiffeur.com/c11010",
-      "CVE-2023-27372"
-    ],
-    "platform": "Linux,PHP,Unix",
-    "arch": "php, cmd",
-    "rport": 80,
-    "autofilter_ports": [
-      80,
-      8080,
-      443,
-      8000,
-      8888,
-      8880,
-      8008,
-      3000,
-      8443
-    ],
-    "autofilter_services": [
-      "http",
-      "https"
-    ],
-    "targets": [
-      "Automatic (PHP In-Memory)",
-      "Automatic (Unix In-Memory)"
-    ],
-    "mod_time": "2024-08-19 16:28:52 +0000",
-    "path": "/modules/exploits/unix/webapp/spip_rce_form.rb",
-    "is_install_path": true,
-    "ref_name": "unix/webapp/spip_rce_form",
-    "check": true,
-    "post_auth": false,
-    "default_credential": false,
-    "notes": {
-      "Stability": [
-        "crash-safe"
-      ],
-      "Reliability": [
-        "repeatable-session"
-      ],
-      "SideEffects": [
-        "ioc-in-logs"
-      ]
-    },
-    "session_types": false,
-    "needs_cleanup": null
-  },
   "exploit_unix/webapp/squash_yaml_exec": {
     "name": "Squash YAML Code Execution",
     "fullname": "exploit/unix/webapp/squash_yaml_exec",
