adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

automatic module_metadata_base.json update

Browse Source
This commit is contained in:
jenkins-metasploit
2025-05-15 10:41:52 +00:00
parent c598d8b4b0
commit 72ae91e4bc
1 changed files with 61 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
db/modules_metadata_base.json
+61
View File
@@ -122311,6 +122311,67 @@
"session_types": false,
"needs_cleanup": null
},
"exploit_unix/webapp/nextcloud_workflows_rce": {
"name": "Nextcloud Workflows Remote Code Execution",
"fullname": "exploit/unix/webapp/nextcloud_workflows_rce",
"aliases": [],
"rank": 600,
"disclosure_date": "2023-03-30",
"type": "exploit",
"author": [
"Enis Maholli",
"arianitisufi",
"Armend Gashi",
"whotwagner"
],
"description": "This module adds workflows as an authenticated user\n which can only be created by administrators by design.\n If the app \"Nextcloud Workflow Script\" is installed it\n is possible to generate a workflow that executes commands.",
"references": [
"URL-https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h3c9-cmh8-7qpj",
"CVE-2023-26482"
],
"platform": "Linux,Unix",
"arch": "",
"rport": 80,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"nix Command"
],
"mod_time": "2025-05-15 09:16:26 +0000",
"path": "/modules/exploits/unix/webapp/nextcloud_workflows_rce.rb",
"is_install_path": true,
"ref_name": "unix/webapp/nextcloud_workflows_rce",
"check": true,
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
"repeatable-session"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
]
},
"session_types": false,
"needs_cleanup": null
},
"exploit_unix/webapp/open_flash_chart_upload_exec": {
"name": "Open Flash Chart v2 Arbitrary File Upload",
"fullname": "exploit/unix/webapp/open_flash_chart_upload_exec",