5 matches found
CVE-2023-26469
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server...
Metasploit Weekly Wrap-Up
PowershellPoint This week’s new features and improvements start with two new exploit modules leveraging CVE-2023-34960 Chamilo versions 1.11.18 and below and CVE-2023-26469 in Jorani 1.0.0. Like CVE-2023-34960, I too, feel attacked by PowerPoint sometimes. We also have several improvements,...
Jorani Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0. This modul...
Jorani unauthenticated Remote Code Execution
This module exploits an unauthenticated Remote Code Execution in Jorani prior to 1.0.2. It abuses 3 vulnerabilities: log poisoning and redirection bypass via header spoofing, then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0. Module Options msf use...
CVE-2023-26469
creationtimestamp| type| source ---|---|--- 2023-08-17 22:38:13+00:00| seen| https://t.me/cibsecurity/68783 2023-08-18 21:32:35+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/php/joranipathtrav.rb 2023-09-01 09:45:35+00:00| published-proof-of-concep...