automatic module_metadata_base.json update

msjenkins-r7 · msjenkins-r7 · commit 024af65c2a13 · 2024-08-14T04:30:49.000-05:00
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -67943,6 +67943,66 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/apache_hugegraph_gremlin_rce": {
+    "name": "Apache HugeGraph Gremlin RCE",
+    "fullname": "exploit/linux/http/apache_hugegraph_gremlin_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2024-04-22",
+    "type": "exploit",
+    "author": [
+      "6right",
+      "jheysel-r7"
+    ],
+    "description": "This module exploits CVE-2024-27348 which is a Remote Code Execution (RCE) vulnerability that exists in\n          Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve\n          RCE through Gremlin, resulting in complete control over the server",
+    "references": [
+      "URL-https://blog.securelayer7.net/remote-code-execution-in-apache-hugegraph/",
+      "CVE-2024-27348"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd",
+    "rport": 8080,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Automatic Target"
+    ],
+    "mod_time": "2024-08-13 08:48:33 +0000",
+    "path": "/modules/exploits/linux/http/apache_hugegraph_gremlin_rce.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/apache_hugegraph_gremlin_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/apache_nifi_h2_rce": {
     "name": "Apache NiFi H2 Connection String Remote Code Execution",
     "fullname": "exploit/linux/http/apache_nifi_h2_rce",
