diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index 2620f2cd42e9..8abebfe9ed64 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -109629,6 +109629,67 @@ "session_types": false, "needs_cleanup": null }, + "exploit_unix/http/pfsense_config_data_exec": { + "name": "pfSense Restore RRD Data Command Injection", + "fullname": "exploit/unix/http/pfsense_config_data_exec", + "aliases": [ + + ], + "rank": 600, + "disclosure_date": "2023-03-18", + "type": "exploit", + "author": [ + "Emir Polat" + ], + "description": "This module exploits an authenticated command injection vulnerabilty in the \"restore_rrddata()\" function of\n pfSense prior to version 2.7.0 which allows an authenticated attacker with the \"WebCfg - Diagnostics: Backup & Restore\"\n privilege to execute arbitrary operating system commands as the \"root\" user.\n\n This module has been tested successfully on version 2.6.0-RELEASE.", + "references": [ + "CVE-2023-27253", + "URL-https://redmine.pfsense.org/issues/13935", + "URL-https://github.com/pfsense/pfsense/commit/ca80d18493f8f91b21933ebd6b714215ae1e5e94" + ], + "platform": "Unix", + "arch": "cmd", + "rport": 443, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": [ + "Automatic Target" + ], + "mod_time": "2023-04-08 04:51:31 +0000", + "path": "/modules/exploits/unix/http/pfsense_config_data_exec.rb", + "is_install_path": true, + "ref_name": "unix/http/pfsense_config_data_exec", + "check": true, + "post_auth": true, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "Reliability": [ + "repeatable-session" + ], + "SideEffects": [ + "config-changes", + "ioc-in-logs" + ] + }, + "session_types": false, + "needs_cleanup": true + }, "exploit_unix/http/pfsense_diag_routes_webshell": { "name": "pfSense Diag Routes Web Shell Upload", "fullname": "exploit/unix/http/pfsense_diag_routes_webshell",