Full title: Network Shutdown Module 3.21 Remote PHP Code Injection 
Category: remote exploits
Platform: php
This Metasploit module exploits a vulnerability in lib/dbtools.inc which uses unsanitized user input inside a eval() call. Additionally the base64 encoded user credentials are extracted from the database of the application. Please note that in order to be able to steal credentials, the vulnerable service must have at least one USV module (an entry in the "nodes" table in mgedb.db).

# 0day.today @ http://0day.today/