CNNVD-202512-2067 Information
CNNVD ID
CNNVD-202512-2067
Related CVE
- CNNVD Published: 2025-12-11
Description (Chinese)
reNgine是Yogesh Ojha个人开发者的一个用于 Web 应用程序的自动侦察框架。专注于通过引擎、侦察数据关联和组织、持续监控、由数据库和简单而直观的用户界面支持的高度可配置的流线型侦察过程。 reNgine 2.2.0版本存在操作系统命令注入漏洞,该漏洞源于scan engine配置中nmap_cmd参数存在命令注入,可能导致远程代码执行。
Description (English)
ReNgine is an automated reconnaissance framework for Web applications by Yogesh Ojha personal developers. Focus on a highly configurable current-type reconnaissance process supported by an engine, detection of data linkages and organization, continuous monitoring, a database and a simple and visual user interface. Version reNgine 2.2.0 has an operational system command-injected loophole, which stems from the command-injecting of nmap cmd parameters in the scan engine configuration, which may lead to remote code execution.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
个人开发者
Published
2025-12-11
Last Modified
2026-02-24
References
https://github.com/yogeshojha/rengine https://rengine.wiki/ https://www.exploit-db.com/exploits/52081 https://www.vulncheck.com/advisories/rengine-authenticated-command-injection-via-scan-engine-configuration
Share on: