diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index 8104645f786e..e328d5a52612 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -71949,6 +71949,69 @@ "session_types": false, "needs_cleanup": true }, + "exploit_linux/http/craftcms_ftp_template": { + "name": "Craft CMS Twig Template Injection RCE via FTP Templates Path", + "fullname": "exploit/linux/http/craftcms_ftp_template", + "aliases": [ + + ], + "rank": 600, + "disclosure_date": "2024-12-19", + "type": "exploit", + "author": [ + "jheysel-r7", + "Valentin Lobstein", + "AssetNote" + ], + "description": "This module exploits a Twig template injection vulnerability in Craft CMS by abusing the --templatesPath argument.\n The vulnerability allows arbitrary template loading via FTP, leading to Remote Code Execution (RCE).", + "references": [ + "CVE-2024-56145", + "URL-https://github.com/Chocapikk/CVE-2024-56145", + "URL-https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms" + ], + "platform": "Linux,Unix", + "arch": "cmd", + "rport": 80, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": [ + "Unix/Linux Command Shell" + ], + "mod_time": "2025-01-15 09:22:44 +0000", + "path": "/modules/exploits/linux/http/craftcms_ftp_template.rb", + "is_install_path": true, + "ref_name": "linux/http/craftcms_ftp_template", + "check": true, + "post_auth": false, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "SideEffects": [ + "artifacts-on-disk", + "ioc-in-logs" + ], + "Reliability": [ + "repeatable-session" + ] + }, + "session_types": false, + "needs_cleanup": null + }, "exploit_linux/http/craftcms_unauth_rce_cve_2023_41892": { "name": "Craft CMS unauthenticated Remote Code Execution (RCE)", "fullname": "exploit/linux/http/craftcms_unauth_rce_cve_2023_41892",