2 matches found
CVE-2026-54898
CVE-2026-54898 (Oj gem) affects the Ruby JSON parser Oj in versions before 3.17.2. The vulnerability occurs when a SAJ/SAJ2 callback mutates the input string during parsing, causing the C engine’s raw pointer into Ruby’s string buffer to become dangling and resulting in a heap use-after-free on t...
OS Command Exec, Unix Command Shell, Bind TCP (via Ruby)
Execute an OS command from PHP. Continually listen for a connection and spawn a command shell via Ruby Module Options msf use payload/php/unix/cmd/bindruby msf payloadbindruby show actions ...actions... msf payloadbindruby set ACTION msf payloadbindruby show options ...show and set options... msf...