Subscribe via feed.

TeemIp IPAM Command Injection

Posted by deepcore on April 5, 2019 – 12:20 am

This Metasploit module exploits a command injection vulnerability in TeemIp versions prior to 2.4.0. The “new_config” parameter of “exec.php” allows you to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. The vulnerability can be exploited by an authorized user (Administrator). Module allows remote command execution by sending php payload with parameter ‘new_config’.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.