automatic module_metadata_base.json update

4.x
Metasploit 2019-02-08 16:38:54 -08:00
parent ed4acd6b31
commit 38b5abdb2b
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 8 additions and 3 deletions

View File

@ -51154,13 +51154,17 @@
"author": [
"Anton Lopanitsyn",
"Twoster",
"h00die"
"h00die",
"Paolo Serracino",
"Pietro Minniti",
"Damiano Proietti"
],
"description": "The imap_open function within php, if called without the /norsh flag, will attempt to preauthenticate an\n IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand\n option can be passed from imap_open to execute arbitrary commands.\n While many custom applications may use imap_open, this exploit works against the following applications:\n e107 v2, prestashop, SuiteCRM, as well as Custom, which simply prints the exploit strings for use.\n Prestashop exploitation requires the admin URI, and administrator credentials.\n suiteCRM/e107/hostcms require administrator credentials.",
"description": "The imap_open function within php, if called without the /norsh flag, will attempt to preauthenticate an\n IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand\n option can be passed from imap_open to execute arbitrary commands.\n While many custom applications may use imap_open, this exploit works against the following applications:\n e107 v2, prestashop, SuiteCRM, as well as Custom, which simply prints the exploit strings for use.\n Prestashop exploitation requires the admin URI, and administrator credentials.\n suiteCRM/e107 require administrator credentials. Fixed in php 5.6.39.",
"references": [
"URL-https://web.archive.org/web/20181118213536/https://antichat.com/threads/463395",
"URL-https://github.com/Bo0oM/PHP_imap_open_exploit",
"EDB-45865",
"EDB-46136",
"URL-https://bugs.php.net/bug.php?id=76428",
"CVE-2018-19518",
"CVE-2018-1000859"
@ -51189,9 +51193,10 @@
"prestashop",
"suitecrm",
"e107v2",
"Horde IMP H3",
"custom"
],
"mod_time": "2018-12-06 14:59:05 +0000",
"mod_time": "2019-01-18 19:43:45 +0000",
"path": "/modules/exploits/linux/http/php_imap_open_rce.rb",
"is_install_path": true,
"ref_name": "linux/http/php_imap_open_rce",