1337day-Exploits Posted September 16, 2020 Share Posted September 16, 2020 This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to execute any command as root without providing a password, resulting in privileged command execution as root. This module has been successfully tested on Mida Solutions eFramework-C7-2.9.0 virtual appliance. This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts