Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2020-7384

Published: 29/10/2020 Updated: 03/02/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Metasploit

Vulnerability Summary

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

rapid7 metasploit

Exploits

Exploit DB: Metasploit Framework 6.0.11 Command Injection
Metasploit Framework version 6011 msfvenom APK template command injection exploit ...

Github Repositories

https://github.com/0xCarsonS/CVE-2020-7384

CVE-2020-7384 This is an exploit made in bash for CVE-2020-7384 It is a modification of nikhil1232's code here: githubcom/nikhil1232/CVE-2020-7384/blob/main/CVE-2020-7384sh My goal was to make the exploit easier to run, along with adding a few QOL improvements Usage bash CVE-2020-7384sh

https://github.com/mrinalprakash45/Hack-The-Box_Script-Kiddie

The target machine is called the Script kid, and the OS is Linux, which is not difficult

101010226 Nmap Scan- 2 Ports open 22 with ssh running 5000 with Werkzeug There are 3 tools on the page: Nmap, MsfVenom and Searchsploit They all worked as per usual Realising I was getting nowhere, I started Googling about vulnerabilities these tools may have and stumbled upon CVE-2020-7384: MsfVenom APK template command injection Using msfconsoleIt is found that o

https://github.com/nikhil1232/CVE-2020-7384

CVE-2020-7384

CVE-2020-7384 This is a small exploit in bash which I had made while solving one of the boxes from Hack The Box The exploit is modified from the original exploit here: githubcom/justinsteven/advisories/blob/master/2020_metasploit_msfvenom_apk_template_cmdimd Usage dos2unix CVE-2020-7384shbash CVE-2020-7384sh

References

CWE-77https://github.com/rapid7/metasploit-framework/pull/14288http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.htmlhttp://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.htmlhttps://nvd.nist.govhttps://github.com/0xCarsonS/CVE-2020-7384https://github.com/mrinalprakash45/Hack-The-Box_Script-Kiddiehttps://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook