automatic module_metadata_base.json update

Author: jenkins-metasploit

db/modules_metadata_base.json

@@ -109954,6 +109954,65 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_multi/http/gestioip_rce": {
+    "name": "GestioIP 3.5.7 Remote Command Execution",
+    "fullname": "exploit/multi/http/gestioip_rce",
+    "aliases": [],
+    "rank": 600,
+    "disclosure_date": "2025-01-14",
+    "type": "exploit",
+    "author": [
+      "maxibelino",
+      "odeez24"
+    ],
+    "description": "This module exploits a command execution via file upload.\n          If GestioIP is configured to use no authentication for admin account,\n          no password is required to exploit the vulnerability. Otherwise, an authenticated\n          user with admin right on the web site is required to exploit.",
+    "references": [
+      "CVE-2024-48760",
+      "URL-https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760"
+    ],
+    "platform": "Linux",
+    "arch": "cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Linux/unix Command"
+    ],
+    "mod_time": "2026-05-14 10:47:45 +0000",
+    "path": "/modules/exploits/multi/http/gestioip_rce.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/gestioip_rce",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "ioc-in-logs",
+        "config-changes"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_multi/http/getsimplecms_unauth_code_exec": {
     "name": "GetSimpleCMS Unauthenticated RCE",
     "fullname": "exploit/multi/http/getsimplecms_unauth_code_exec",