Exploit for #VU52794 Code Injection in ExifTool

Vulnerability identifier: #VU52794

Vulnerability risk: High

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2021-22204

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 23

• June 21, 2024
  • CVE-2021-22204 (CVE-2021-22204 exploit script) [Github]
• June 18, 2023
  • CVE-2021-22204 () [Github]
• May 14, 2023
  • CVE-2021-22204-exiftool (exiftool exploit) [Github]
• January 23, 2023
  • CVE-2021-22204-exiftool (exiftool exploit) [Github]
• August 7, 2022
  • CVE-2021-22204 (A complete PoC for CVE-2021-22204 exiftool RCE ) [Github]
• May 23, 2022
  • CVE-2021-22204-exiftool (exiftool exploit) [Github]
• May 13, 2022
  • ExifTool 12.23 - Arbitrary Code Execution [Exploit-DB]
• May 11, 2022
  • ExifTool 12.23 Arbitrary Code Execution [Packet Storm]
• May 1, 2022
  • exploit-CVE-2021-22204 (Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution) [Github]
• March 27, 2022
  • CVE-2021-22204 (Script en python para crear imagenes maliciosas (reverse shell)) [Github]
• January 25, 2022
  • CVE-2021-22204 () [Github]
• December 29, 2021
  • CVE-2021-22204 () [Github]
• December 7, 2021
  • CVE-2021-22204-RSE (reverse shell execution exploit of CVE 22204) [Github]
• November 25, 2021
  • GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated) [Exploit-DB]
• November 4, 2021
  • CVE-2021-22204-Gitlab (Modification of gitlab exploit anything under 13.10) [Github]
• November 3, 2021
  • GitLab Unauthenticated Remote ExifTool Command Injection [Metasploit]
• October 14, 2021
  • CVE-2021-22204-exiftool (Python exploit for the CVE-2021-22204 vulnerability in Exiftool) [Github]
• August 23, 2021
  • CVE (A collection of proof-of-concept exploit scripts written by the STAR Labs team for various CVEs that they discovered or found by others.) [Github]
• August 2, 2021
  • CVE-2021-22204 () [Github]
  • CVE-2021-22204 () [Github]
• May 24, 2021
  • POC-CVE-2021-22204 (POC for exiftool vuln (CVE-2021-22204).) [Github]
• May 18, 2021
  • CVE-2021-22204 (exiftool arbitrary code execution vulnerability) [Github]
• May 12, 2021
  • ExifTool DjVu ANT Perl injection [Metasploit]

Vulnerable software:
ExifTool
Universal components / Libraries / Libraries used by multiple products

Vendor: ExifTool