This module exploits CVE-2024-5910 to reset the password of the admin. For doing this, it will craft a special request to the endpoint /OS/startup/restore/restoreAdmin.php. After getting the admin password, it will authenticate with the admin credentials and it will exploit CVE-2024-9464 in order to deploy an agent. The exploitation of CVE-2024-9464 consists in crafting a special request to the endpoint /bin/CronJobs.php. As an authenticated user we can abuse this endpoint for inserting commands in the table cronjobs from pandb. After inserting the command into this table, the target will execute it.
CVE Link
Exploit Platform
Exploit Type
Product Name