CVE-2022-36566: There is an OS Command Injection vulnerability in the scan engine function configuration of rengine 1.3.0 · Issue #2 · zongdeiqianxing/rengine
Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.
https://github.com/yogeshojha/rengine
The RCE vulnerability is caused by the code reading the value from the YAML file and splicing it directly into the os.system statement.
GitHub permalink
====================
If you try to reproduce the vulnerability, add the command you want to execute in the scan engine template in the background, then create a target and select the scan engine template for scanning. After a while, you will find that the command is successfully executed.
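
The root cause described above, a YAML value spliced into an `os.system` string, shown beside a hardened form. This is an added example, not rengine's code: the template keys, the `scanner` tool name and the sample values are hypothetical and constructed, and a plain dict stands in for the parsed YAML.

```python
import json
import re
import shlex
import subprocess
import sys

# Constructed stand-ins for a parsed scan-engine YAML template. The keys and
# the "scanner" tool name are hypothetical, not taken from rengine.
BENIGN = {"threads": "10", "wordlist": "common.txt"}
TAINTED = {"threads": "10; echo injected", "wordlist": "common.txt"}

# Per-key allowlists: digits only, and a bare file name with no leading dash.
RULES = {"threads": re.compile(r"[0-9]{1,3}"),
         "wordlist": re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]*")}


def unsafe_command(cfg):
    """Vulnerable pattern: the string that would be handed to os.system()."""
    return "scanner -t " + cfg["threads"] + " -w " + cfg["wordlist"]


def shell_operators(command):
    """Control operators a POSIX shell would act on (illustration, not a filter)."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return [tok for tok in lexer if set(tok) <= set(";&|<>()")]


def safe_argv(cfg):
    """Hardened pattern: validate every value, then build an argv list."""
    for key, rule in RULES.items():
        if not rule.fullmatch(cfg[key]):
            raise ValueError(f"rejected {key}: {cfg[key]!r}")
    return ["scanner", "-t", cfg["threads"], "-w", cfg["wordlist"]]


def argv_seen_by_child(args):
    """Start a child without a shell and return the arguments it received."""
    probe = "import json, sys; print(json.dumps(sys.argv[1:]))"
    done = subprocess.run([sys.executable, "-c", probe, *args],
                          capture_output=True, text=True, check=True)
    return json.loads(done.stdout)


if __name__ == "__main__":
    print(shell_operators(unsafe_command(TAINTED)))   # the shell sees a separator
    print(argv_seen_by_child([TAINTED["threads"]]))   # one literal argument
    print(safe_argv(BENIGN))
```

Passing the list from `safe_argv` to `subprocess.run` without `shell=True` keeps template values out of any shell, and the allowlist rejects values that would otherwise be read as extra options.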