cve/2021/CVE-2021-30461.md

CVE-2021-30461

Description

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.

POC

Reference

No PoCs from references.

Github

• https://github.com/0day404/vulnerability-poc
• https://github.com/20142995/Goby
• https://github.com/20142995/nuclei-templates
• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/Al1ex/CVE-2021-30461
• https://github.com/ArrestX/--POC
• https://github.com/Drajoncr/AttackWebFrameworkTools
• https://github.com/EdgeSecurityTeam/Vulnerability
• https://github.com/Elsfa7-110/kenzer-templates
• https://github.com/KayCHENvip/vulnerability-poc
• https://github.com/Miraitowa70/POC-Notes
• https://github.com/NaInSec/CVE-PoC-in-GitHub
• https://github.com/SYRTI/POC_to_review
• https://github.com/SexyBeast233/SecBooks
• https://github.com/Threekiii/Awesome-POC
• https://github.com/Vulnmachines/CVE-2021-30461
• https://github.com/W01fh4cker/Serein
• https://github.com/WhooAmii/POC_to_review
• https://github.com/XiaomingX/awesome-poc-for-red-team
• https://github.com/bigblackhat/oFx
• https://github.com/d4n-sec/d4n-sec.github.io
• https://github.com/daedalus/CVE-2021-30461
• https://github.com/merlinepedra/AttackWebFrameworkTools-5.0
• https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
• https://github.com/n0-traces/cve_monitor
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/openx-org/BLEN
• https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
• https://github.com/peiqiF4ck/WebFrameworkTools-5.5
• https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance
• https://github.com/puckiestyle/CVE-2021-30461
• https://github.com/shengshengli/AttackWebFrameworkTools-5.0
• https://github.com/soosmile/POC
• https://github.com/trhacknon/Pocingit
• https://github.com/tzwlhack/Vulnerability
• https://github.com/zecool/cve