LinuxKI Toolset 6.01 Remote Command Execution

Posted on 10 June 2020

This Metasploit module exploits a vulnerability in LinuxKI Toolset versions 6.01 and below which allows remote code execution. The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in the security vulnerability.