metasploit-gs

adam/metasploit-gs

Fork 0

Commit Graph

Author	SHA1	Message	Date
Valentin Lobstein	dfe73bb4c5	Add exploit for AVideo Encoder getImage.php command injection (CVE-2026-29058) Unauthenticated OS command injection via the base64Url parameter in getImage.php. The URL is interpolated into an ffmpeg shell command without escapeshellarg(), and FILTER_VALIDATE_URL does not block shell metacharacters in the URL path.	2026-03-06 21:30:12 +01:00

Author

SHA1

Message

Date

Valentin Lobstein

dfe73bb4c5

Add exploit for AVideo Encoder getImage.php command injection (CVE-2026-29058)

Unauthenticated OS command injection via the base64Url parameter in
getImage.php. The URL is interpolated into an ffmpeg shell command
without escapeshellarg(), and FILTER_VALIDATE_URL does not block
shell metacharacters in the URL path.

2026-03-06 21:30:12 +01:00

1 Commits