CVE-2024-31819

This repository contains a functional exploit for CVE-2024-31819, an unauthenticated RCE vulnerability in the AVideo platform's WWBNIndex plugin. The exploit leverages improper input validation in the `submitIndex.php` file to execute arbitrary PHP code via a crafted `systemRootPath` parameter.

This repository contains a functional exploit for CVE-2024-31819, leveraging PHP filter chains to achieve remote code execution (RCE) via a crafted payload sent to a vulnerable endpoint. The exploit uses a series of PHP iconv conversions to bypass restrictions and execute arbitrary commands.

This Metasploit module exploits an unauthenticated RCE vulnerability in the AVideo WWBNIndex plugin by leveraging PHP filter chaining to execute arbitrary code via the `require()` function in `submitIndex.php`. It supports multiple payload types (PHP, Unix, Windows) and includes version checking for vulnerability confirmation.