Lucene search
K

4 matches found

Rapid7 Blog
Rapid7 Blog
added 2026/03/20 8:3 p.m.13 views

Metasploit Wrap-Up 03/20/2026

♫ I Just Called ♫ To Say ♫ 7f45 4c46 0201 0100 0000 0000 0000 0000 0300 3e00 0100♫ This release contains 2 new exploit modules, 2 enhancements, and 7 bug fixes. Community contributor Chocapikk submitted both exploit modules this release: one targeting AVideo-Encoder’s getImage.php file and anothe...

9.8CVSS7.6AI score0.84417EPSS
Exploits6
Metasploit
Metasploit
added 2026/03/19 6:56 p.m.258 views

AVideo Encoder getImage.php Unauthenticated Command Injection

This module exploits an unauthenticated OS command injection vulnerability in AVideo Encoder's getImage.php endpoint CVE-2026-29058. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any sanitization or use of...

9.8CVSS7.9AI score0.02132EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/03/19 12:0 a.m.149 views

📄 AVideo getImage.php Unauthenticated Command Injection

This Metasploit module exploits an unauthenticated OS command injection vulnerability in the AVideo encoder getImage.php endpoint. This affects versions prior to 7.0. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any...

9.8CVSS5.8AI score0.02132EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.5 views

CVE-2026-29058

AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration...

9.8CVSS6AI score0.02132EPSS
Exploits2References1
Rows per page
Query Builder