bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/local/51410.txt
Exploit-DB 668314bbda DB: 2023-05-03 
19 changes to exploits/shellcodes/ghdb

FS-S3900-24T4S - Privilege Escalation

Virtual Reception v1.0 - Web Server Directory Traversal

admidio v4.2.5 - CSV Injection

Companymaps v8.0 - Stored Cross Site Scripting (XSS)

GLPI 9.5.7 - Username Enumeration

OpenEMR v7.0.1 - Authentication credentials brute force

PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting

PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
PHPJabbers Simple CMS 5.0 - SQL Injection
PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)

phpMyFAQ v3.1.12 - CSV Injection

projectSend r1605 - Private file download

revive-adserver v5.4.1 - Cross-Site Scripting (XSS)

Serendipity 2.4.0 - File Inclusion RCE

SoftExpert (SE) Suite v2.1.3 - Local File Inclusion

Advanced Host Monitor v12.56 - Unquoted Service Path

MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control
2023-05-03 00:16:23 +00:00

37 lines
No EOL
1.9 KiB
Text
Raw Blame History

# Exploit Title: MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control
# Date: 2023-04-28
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: https://millegpg.it/
# Software Homepage: https://millegpg.it - https://millewin.it/prodotti/governo-clinico-3/
# Software Link: https://www.millegpg.it/download/MilleGPGInstall.exe
# Version: 5.9.2
# Tested on: Microsoft Windows 10 Enterprise x64 22H2, build 19045.2913
# CVE: CVE-2023-25438
MilleGPG / MilleGPG5 also known as "Governo Clinico 3"
Vendor: Millennium S.r.l. / Dedalus Group - Dedalus Italia S.p.a. / Genomedics S.r.l.
Affected/tested version: MilleGPG5 5.9.2
Summary:
Mille General Practice Governance (MilleGPG): an interactive tool to address an effective quality of care through the
Italian general practice network.
MilleGPG is an innovative IT support for the evaluation and optimization of patient care and intervention processes,
complete with new features for the management of the COVID-19 vaccine campaign. It is An irreplaceable "ally" for the
General Practitioner, also offering contextual access to the most authoritative scientific content and CME training.
Vuln desc:
The application is prone to insecure file/folder permissions on its default installation path, wrongly allowing some
files to be modified by unprivileged users, malicious process and/or threat actor. Attacker can exploit the weakness
abusing the "write" permission of the main application available to all users on the system or network.
Details:
Any low privileged user can elevate their privileges abusing files/folders that have incorrect permissions, e.g.:
C:\Program Files\MilleGPG5\MilleGPG5.exe (main gui application)
C:\Program Files\MilleGPG5\plugin\ (GPGCommand.exe, nginx and php files)
C:\Program Files\MilleGPG5\k-platform\ (api and webapp files)
such as BUILTIN\Users:(I)(OI)(CI)(R,W) and/or FILE_GENERIC_WRITE, FILE_WRITE_DATA and FILE_WRITE_EA
Reference in a new issue View git blame Copy permalink