Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-0007. PoCs published by Lukas Zapletal.
AI-analyzed exploit summary
This exploit leverages a command injection vulnerability in Foreman's TFTP proxy service by injecting arbitrary commands via the 'path' parameter in a POST request. The provided curl command demonstrates the vulnerability by executing a 'touch' command to create a file.
Description
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.