what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

CVE-2020-13382

Related Files

openSIS 7.4 Unauthenticated PHP Code Execution

Posted Jul 6, 2020

Authored by EgiX | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.

tags | exploit, arbitrary, local, php, vulnerability, sql injection, file inclusion

advisories | CVE-2020-13381, CVE-2020-13382, CVE-2020-13383

SHA-256 | 942c0ce311ce709dd7c1790955789b1f88040cee422935d166bdf0e150147703

Download | Favorite | View

openSIS 7.4 Incorrect Access Control

Posted Jun 30, 2020

Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from an access bypass vulnerability.

tags | exploit, bypass

advisories | CVE-2020-13382

SHA-256 | de18d17ff15947139e2907c1c51bf51af6d549555d04403c26002b9a0c85a3af

Download | Favorite | View