Skip to content

Commit

Permalink
automatic module_metadata_base.json update
Browse files Browse the repository at this point in the history
  • Loading branch information
jenkins-metasploit committed Dec 18, 2024
1 parent 2001469 commit 37eaa29
Showing 1 changed file with 63 additions and 1 deletion.
64 changes: 63 additions & 1 deletion db/modules_metadata_base.json
Original file line number Diff line number Diff line change
Expand Up @@ -58136,7 +58136,7 @@
"https"
],
"targets": null,
"mod_time": "2024-11-04 16:58:32 +0000",
"mod_time": "2024-12-17 14:27:41 +0000",
"path": "/modules/auxiliary/scanner/teamcity/teamcity_login.rb",
"is_install_path": true,
"ref_name": "scanner/teamcity/teamcity_login",
Expand Down Expand Up @@ -102724,6 +102724,68 @@
"session_types": false,
"needs_cleanup": true
},
"exploit_multi/http/clinic_pms_fileupload_rce": {
"name": "Clinic's Patient Management System 1.0 - Unauthenticated RCE",
"fullname": "exploit/multi/http/clinic_pms_fileupload_rce",
"aliases": [

],
"rank": 600,
"disclosure_date": "2022-10-31",
"type": "exploit",
"author": [
"Aaryan Golatkar",
"Oğulcan Hami Gül"
],
"description": "This module exploits an unauthenticated file upload vulnerability in Clinic's\n Patient Management System 1.0. An attacker can upload a PHP web shell and execute\n it by leveraging directory listing enabled on the `/pms/user_images` directory.",
"references": [
"EDB-51779",
"CVE-2022-40471",
"URL-https://www.cve.org/CVERecord?id=CVE-2022-40471",
"URL-https://drive.google.com/file/d/1m-wTfOL5gY3huaSEM3YPSf98qIrkl-TW/view"
],
"platform": "PHP",
"arch": "php",
"rport": 80,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Clinic Patient Management System 1.0"
],
"mod_time": "2024-12-17 21:39:30 +0000",
"path": "/modules/exploits/multi/http/clinic_pms_fileupload_rce.rb",
"is_install_path": true,
"ref_name": "multi/http/clinic_pms_fileupload_rce",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"artifacts-on-disk"
]
},
"session_types": false,
"needs_cleanup": true
},
"exploit_multi/http/clipbucket_fileupload_exec": {
"name": "ClipBucket beats_uploader Unauthenticated Arbitrary File Upload",
"fullname": "exploit/multi/http/clipbucket_fileupload_exec",
Expand Down

0 comments on commit 37eaa29

Please sign in to comment.