Authors: Michael Heinzl and Tenable
Type: Auxiliary
Pull request: #19373 contributed by h4x-x0r
Path: admin/http/fortra_filecatalyst_workflow_sqli
AttackerKB reference: CVE-2024-5276
Description: This adds an auxiliary module to exploit the CVE-2024-5276, a SQL injection vulnerability that allows for adding an arbitrary administration user in the application.
Authors: Julien Voisin, Laluka, and Valentin Lobstein
Type: Exploit
Pull request: #19394 contributed by Chocapikk
Path: multi/http/spip_porte_plume_previsu_rce
Description: Adds a new exploit/multi/http/spip_porte_plume_previsu_rce
SPIP unauthenticated remote code execution (RCE) module targeting SPIP versions up to and including 4.2.12.
Authors: Michael Heinzl and Tenable
Type: Exploit
Pull request: #19351 contributed by h4x-x0r
Path: windows/scada/diaenergie_sqli
AttackerKB reference: CVE-2024-4548
Description: This adds an exploit module for CVE-2024-4548, an unauthenticated SQL injection vulnerability that allows remote code execution as NT AUTHORITY\SYSTEM
.
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro