TeemIp IPAM Command Injection
Posted by deepcore on April 5, 2019 – 12:20 am
This Metasploit module exploits a command injection vulnerability in TeemIp versions prior to 2.4.0. The “new_config” parameter of “exec.php” allows you to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. The vulnerability can be exploited by an authorized user (Administrator). Module allows remote command execution by sending php payload with parameter ‘new_config’.
Post a reply
You must be logged in to post a comment.