This can be leveraged to install a custom PHP script onto the system via a remote attacker. An attacker can leverage this RCE vulnerability to install any malicious PHP script onto a system.
This can be exploited by malicious administrators to install a malicious PHP script onto a system. This malicious PHP script can be used to perform various functions, such as: steal sensitive data, perform injection attacks, etc.
The following is a list of software that could be exploited by this exploit.
Apache Tomcat / v1.4.1 - v1.5.0
Nginx / 1.10.3 - 1.10.5
Redis / 3.2.8 - 3.2.12
Redis Cluster / 3.2.8 - 3.2.12
Redis exception handling / 3.2.8 - 3.2.12
Redis LUA scripting / 3.2.8 - 3.2.12
Redis key-value / 3.2.8 - 3.2.12
Redis persistence / 3.2.8 - 3.2.12
Redis replication / 3.2.8 - 3.2.12
Redis sha1 hashing / 3.2.8 - 3.2.12
Redis slave selection / 3.2.8 - 3.2.12
Redis signing /
Installation
The following is a list of software that can be installed using this exploit.
Apache Tomcat / v1.4.1 - v1.5.0
Nginx / 1.10.3 - 1.10.5
Redis / 3.2.8 - 3.2.12
Sensitive Data Exposure
The following are some of the data elements that could be exposed by this exploit:
memory_limit, max_execution_time, max_input_time, pid, timeout.
Timeline
Published on: 09/30/2022 15:15:00 UTC
Last modified on: 10/04/2022 16:38:00 UTC