yogeshojha reNgine
cpe:2.3:a:yogeshojha:rengine:*:*:*:*:*:*:*
- 2.2.0
A command injection vulnerability has been identified in reNgine version 2.2.0. This vulnerability resides in the 'nmap_cmd' parameter within the scan engine configuration. Authenticated attackers can exploit this issue to execute arbitrary commands on the server. By injecting malicious base64-encoded payloads into the 'nmap_cmd' parameter, attackers can achieve remote code execution during the scan engine configuration process.
Exploitation of this vulnerability allows authenticated users to execute arbitrary commands on the server, potentially leading to unauthorized access or modification of system resources.
To reproduce this vulnerability, an authenticated user can log into the reNgine platform and navigate to the scan engine configuration. By modifying the 'nmap_cmd' parameter to include a base64-encoded payload that, when decoded, executes a command, the injection can be achieved. Once the payload is injected, the modified scan engine can be used to execute the command on the server.
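One way to close this class of bug on the defensive side is to stop treating the stored 'nmap_cmd' value as a shell string: parse it, allow only known flags, and hand the result to the process API as an argument list. The following is an added example, not reNgine's code or its actual fix; the function name `validate_nmap_cmd`, the flag allowlist and the value pattern are assumptions made for illustration.

```python
import re
import shlex

# Assumed allowlist for this example: flag -> whether it takes a value.
ALLOWED_FLAGS = {"-sV": False, "-sT": False, "-Pn": False, "-n": False,
                 "--open": False, "-p": True, "--top-ports": True, "-T": True}
SAFE_VALUE = re.compile(r"^[0-9,\-]{1,64}$")   # ports, ranges, small numbers
SHELL_META = set(";&|`$()<>\\\n\r\"'{}*?!#~")


def validate_nmap_cmd(raw):
    """Return an argv list for nmap built from raw, or raise ValueError."""
    if not isinstance(raw, str) or len(raw) > 256:
        raise ValueError("nmap_cmd must be a short string")
    bad = SHELL_META.intersection(raw)
    if bad:
        raise ValueError(f"shell metacharacters not allowed: {sorted(bad)}")
    tokens = shlex.split(raw)
    if not tokens or tokens[0] != "nmap":
        raise ValueError("command must start with 'nmap'")
    argv, i = ["nmap"], 1
    while i < len(tokens):
        flag, value = tokens[i], None
        if flag not in ALLOWED_FLAGS:
            # Accept attached short forms such as -p80,443 and -T4.
            for short in ("-p", "-T"):
                if flag.startswith(short) and len(flag) > len(short):
                    flag, value = short, flag[len(short):]
                    break
        if flag not in ALLOWED_FLAGS:
            raise ValueError(f"flag not allowed: {tokens[i]}")
        argv.append(flag)
        if ALLOWED_FLAGS[flag]:
            if value is None:
                i += 1
                if i >= len(tokens):
                    raise ValueError(f"{flag} needs a value")
                value = tokens[i]
            if not SAFE_VALUE.match(value):
                raise ValueError(f"unsafe value for {flag}: {value}")
            argv.append(value)
        i += 1
    return argv
```

The caller would append its separately validated target and pass the list to `subprocess.run(argv, shell=False)`, so nothing in the stored value reaches a shell. The flag allowlist also keeps out nmap options that read files, write files or load scripts.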