|
71949 | 71949 | "session_types": false,
|
71950 | 71950 | "needs_cleanup": true
|
71951 | 71951 | },
|
| 71952 | + "exploit_linux/http/craftcms_ftp_template": { |
| 71953 | + "name": "Craft CMS Twig Template Injection RCE via FTP Templates Path", |
| 71954 | + "fullname": "exploit/linux/http/craftcms_ftp_template", |
| 71955 | + "aliases": [ |
| 71956 | + |
| 71957 | + ], |
| 71958 | + "rank": 600, |
| 71959 | + "disclosure_date": "2024-12-19", |
| 71960 | + "type": "exploit", |
| 71961 | + "author": [ |
| 71962 | + "jheysel-r7", |
| 71963 | + "Valentin Lobstein", |
| 71964 | + "AssetNote" |
| 71965 | + ], |
| 71966 | + "description": "This module exploits a Twig template injection vulnerability in Craft CMS by abusing the --templatesPath argument.\n The vulnerability allows arbitrary template loading via FTP, leading to Remote Code Execution (RCE).", |
| 71967 | + "references": [ |
| 71968 | + "CVE-2024-56145", |
| 71969 | + "URL-https://github.com/Chocapikk/CVE-2024-56145", |
| 71970 | + "URL-https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms" |
| 71971 | + ], |
| 71972 | + "platform": "Linux,Unix", |
| 71973 | + "arch": "cmd", |
| 71974 | + "rport": 80, |
| 71975 | + "autofilter_ports": [ |
| 71976 | + 80, |
| 71977 | + 8080, |
| 71978 | + 443, |
| 71979 | + 8000, |
| 71980 | + 8888, |
| 71981 | + 8880, |
| 71982 | + 8008, |
| 71983 | + 3000, |
| 71984 | + 8443 |
| 71985 | + ], |
| 71986 | + "autofilter_services": [ |
| 71987 | + "http", |
| 71988 | + "https" |
| 71989 | + ], |
| 71990 | + "targets": [ |
| 71991 | + "Unix/Linux Command Shell" |
| 71992 | + ], |
| 71993 | + "mod_time": "2025-01-15 09:22:44 +0000", |
| 71994 | + "path": "/modules/exploits/linux/http/craftcms_ftp_template.rb", |
| 71995 | + "is_install_path": true, |
| 71996 | + "ref_name": "linux/http/craftcms_ftp_template", |
| 71997 | + "check": true, |
| 71998 | + "post_auth": false, |
| 71999 | + "default_credential": false, |
| 72000 | + "notes": { |
| 72001 | + "Stability": [ |
| 72002 | + "crash-safe" |
| 72003 | + ], |
| 72004 | + "SideEffects": [ |
| 72005 | + "artifacts-on-disk", |
| 72006 | + "ioc-in-logs" |
| 72007 | + ], |
| 72008 | + "Reliability": [ |
| 72009 | + "repeatable-session" |
| 72010 | + ] |
| 72011 | + }, |
| 72012 | + "session_types": false, |
| 72013 | + "needs_cleanup": null |
| 72014 | + }, |
71952 | 72015 | "exploit_linux/http/craftcms_unauth_rce_cve_2023_41892": {
|
71953 | 72016 | "name": "Craft CMS unauthenticated Remote Code Execution (RCE)",
|
71954 | 72017 | "fullname": "exploit/linux/http/craftcms_unauth_rce_cve_2023_41892",
|
|