This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user.
5ec6676b8d5b72c304f3f383a6b3a1bbcb4df27ceff247690cd2cd511bbf75bb
This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and below.
4b98d5b04b6e749217209691c5bf8ebd2011def2f86e1db79d9419e0830fa90f
Klog Server version 2.4.1 suffers from a remote command injection vulnerability.
c4d49bbb6aa298ab790e96bc0bed872c2d9c52390ea9e2f22b668c5bb074580e