infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

automatic module_metadata_base.json update

4.x 4.17.48
Metasploit 2019-03-21 09:43:28 -07:00
parent ae55bf9738
commit f0ddfdb1ed
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
db/modules_metadata_base.json
View File

@ -77896,6 +77896,7 @@
],
"description": "This module exploits an arbitrary command execution vulnerability in Webmin\n 1.900 and lower versions. Any user authorized to the \"Upload and Download\"\n module can execute arbitrary commands with root privileges.\n\n In addition, if the 'Running Processes' (proc) privilege is set the user can\n accurately determine which directory to upload to. Webmin application files\n can be written/overwritten, which allows remote code execution. The module\n has been tested successfully with Webmin 1.900 on Ubuntu v18.04.\n\n Using GUESSUPLOAD attempts to use a default installation path in order to\n trigger the exploit.",
"references": [
"CVE-2019-9624",
"EDB-46201",
"URL-https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html"
],
@ -77920,7 +77921,7 @@
"targets": [
"Webmin <= 1.900"
],
"mod_time": "2019-03-14 13:46:34 +0000",
"mod_time": "2019-03-21 11:28:45 +0000",
"path": "/modules/exploits/unix/webapp/webmin_upload_exec.rb",
"is_install_path": true,
"ref_name": "unix/webapp/webmin_upload_exec",