From b5d89f3e115b6dbf932b2d709b39c718f5f2dccd Mon Sep 17 00:00:00 2001 From: Metasploit Date: Thu, 18 Jul 2024 12:56:01 -0500 Subject: [PATCH] automatic module_metadata_base.json update --- db/modules_metadata_base.json | 61 +++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index 2ccc66de0414..e1688bfbb339 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -23797,6 +23797,67 @@ } ] }, + "auxiliary_gather/magento_xxe_cve_2024_34102": { + "name": "Magento XXE Unserialize Arbitrary File Read", + "fullname": "auxiliary/gather/magento_xxe_cve_2024_34102", + "aliases": [ + + ], + "rank": 300, + "disclosure_date": "2024-06-11", + "type": "auxiliary", + "author": [ + "Sergey Temnikov", + "Heyder" + ], + "description": "This module exploits a XXE vulnerability in Magento 2.4.7-p1 and below which allows an attacker to read any file on the system.", + "references": [ + "CVE-2024-34102", + "URL-https://github.com/spacewasp/public_docs/blob/main/CVE-2024-34102.md" + ], + "platform": "", + "arch": "", + "rport": 80, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": null, + "mod_time": "2024-07-18 11:56:22 +0000", + "path": "/modules/auxiliary/gather/magento_xxe_cve_2024_34102.rb", + "is_install_path": true, + "ref_name": "gather/magento_xxe_cve_2024_34102", + "check": true, + "post_auth": false, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "Reliability": [ + + ], + "SideEffects": [ + "ioc-in-logs" + ] + }, + "session_types": false, + "needs_cleanup": false, + "actions": [ + + ] + }, "auxiliary_gather/manageengine_adaudit_plus_xnode_enum": { "name": "ManageEngine ADAudit Plus Xnode Enumeration", "fullname": "auxiliary/gather/manageengine_adaudit_plus_xnode_enum",