Authors: bwatters-r7, g1vi, gardnerapp, and h00die
Type: Exploit
Pull request: #19460 contributed by gardnerapp
Path: linux/local/gameoverlay_privesc
AttackerKB reference: CVE-2023-2640
Description: Adds a module for CVE-2023-2640 and CVE-2023-32629, a local privilege escalation in some Ubuntu kernel versions that abuses overly trusting OverlayFS features.
Authors: Aaryan Golatkar and Oğulcan Hami Gül
Type: Exploit
Pull request: #19733 contributed by aaryan-11-x
Path: multi/http/clinic_pms_fileupload_rce
AttackerKB reference: CVE-2022-40471
Description: New exploit module for Clinic's Patient Management System 1.0 that targets CVE-2022-40471. The module exploits unrestricted file upload, which can be further used to get remote code execution (RCE) through a malicious PHP file.
Authors: Rein Daelman and Valentin Lobstein
Type: Exploit
Pull request: #19713 contributed by Chocapikk
Path: multi/http/wp_time_capsule_file_upload_rce
AttackerKB reference: CVE-2024-8856
Description: This exploits a remote code execution (RCE) vulnerability (CVE-2024-8856) in the WordPress WP Time Capsule plugin (versions ≤ 1.22.21). This vulnerability allows unauthenticated attackers to upload and execute arbitrary files due to improper validation within the plugin.
Authors: Heyder Andrade <@HeyderAndrade>, Redway Security <redwaysecurity.com>, and Siebene@ <@Siebene7>
Type: Exploit
Pull request: #19647 contributed by heyder
Path: multi/http/wso2_api_manager_file_upload_rce
AttackerKB reference: CVE-2023-2988
Description: Adds an exploit module for a vulnerability in the 'Add API Documentation' feature of WSO2 API Manager (CVE-2023-2988) that allows malicious users with specific permissions to upload arbitrary files to a user-controlled server location. This flaw allows for RCE on the target system.
module/reference/author/etc
.OptEnum
to validate values without being case sensitive while preserving the case the author was expecting.db/README.md
documentation.HttpUserAgent
option was not used properly. You can now use this option to customize the User-Agent HTTP header when using these payloads.post/multi/recon/local_exploit_suggester
module which would crash if a TARGET
value was set.You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro.