automatic module_metadata_base.json update

rapid7 · Jan 20, 2025 · 0e72da6 · 0e72da6
1 parent 159b2bb
commit 0e72da6
Showing 1 changed file with 61 additions and 0 deletions.
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -77160,6 +77160,67 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/librenms_authenticated_rce_cve_2024_51092": {
+    "name": "LibreNMS Authenticated RCE (CVE-2024-51092)",
+    "fullname": "exploit/linux/http/librenms_authenticated_rce_cve_2024_51092",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2024-11-15",
+    "type": "exploit",
+    "author": [
+      "murrant (Tony Murray)",
+      "Takahiro Yokoyama"
+    ],
+    "description": "An authenticated attacker can create dangerous directory names on the system and\n          alter sensitive configuration parameters through the web portal.\n          Those two defects combined then allows to inject arbitrary OS commands inside shell_exec() calls,\n          thus achieving arbitrary code execution.",
+    "references": [
+      "URL-https://github.com/advisories/GHSA-x645-6pf9-xwxw",
+      "CVE-2024-51092"
+    ],
+    "platform": "Linux",
+    "arch": "",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Linux Command"
+    ],
+    "mod_time": "2025-01-20 21:24:16 +0000",
+    "path": "/modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/librenms_authenticated_rce_cve_2024_51092",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
   "exploit_linux/http/librenms_collectd_cmd_inject": {
     "name": "LibreNMS Collectd Command Injection",
     "fullname": "exploit/linux/http/librenms_collectd_cmd_inject",