CVE-2021-37363

EIP tracks 1 public exploit for CVE-2021-37363. PoCs published by Alessandro Salzano.

AI-analyzed exploit summary This exploit demonstrates a local privilege escalation (LPE) in Gestionale Open 11.00.00 by replacing the MariaDB service executable (mysqld.exe) with a malicious payload. The insecure folder permissions allow low-privilege users to overwrite the executable, which runs as Local System upon reboot.

An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.