automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit 6838a0e73a95 · 2025-03-28T11:31:37.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -92131,6 +92131,65 @@
     "session_types": false,
     "needs_cleanup": true
   },
+  "exploit_multi/http/cmsms_file_manager_auth_rce": {
+    "name": "CmsMadeSimple Authenticated File Manager RCE",
+    "fullname": "exploit/multi/http/cmsms_file_manager_auth_rce",
+    "aliases": [],
+    "rank": 600,
+    "disclosure_date": "2023-06-07",
+    "type": "exploit",
+    "author": [
+      "Okan Kurtuluş",
+      "Mirabbas Ağalarov",
+      "tastyrice"
+    ],
+    "description": "CMS Made Simple <= v2.2.21 allows an authenticated administrator to upload files\n          with the .phar or .phtml extensions, enabling execution of PHP code\n          leading to RCE. The file can be executed by accessing its URL in the\n          /uploads/ directory.\n\n          Tested on v2.2.21, v2.2.18, v2.2.17, v2.2.16, v2.2.15, v2.2.14.",
+    "references": [
+      "CVE-2023-36969",
+      "EDB-51600"
+    ],
+    "platform": "PHP",
+    "arch": "php",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Universal"
+    ],
+    "mod_time": "2025-03-27 22:13:04 +0000",
+    "path": "/modules/exploits/multi/http/cmsms_file_manager_auth_rce.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/cmsms_file_manager_auth_rce",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_multi/http/cmsms_object_injection_rce": {
     "name": "CMS Made Simple Authenticated RCE via object injection",
     "fullname": "exploit/multi/http/cmsms_object_injection_rce",
