Metasploit Weekly Wrap-Up 08/23/2024

Aug 23, 2024 04:00 pm Cyber Security 31
Metasploit Weekly Wrap-Up 08/23/2024

New module content (3)


Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)


Authors: Michael Heinzl and Tenable
Type: Auxiliary
Pull request: #19373 contributed by h4x-x0r
Path: admin/http/fortra_filecatalyst_workflow_sqli
AttackerKB reference: CVE-2024-5276


Description: This adds an auxiliary module to exploit the CVE-2024-5276, a SQL injection vulnerability that allows for adding an arbitrary administration user in the application.


SPIP Unauthenticated RCE via porte_plume Plugin


Authors: Julien Voisin, Laluka, and Valentin Lobstein
Type: Exploit
Pull request: #19394 contributed by Chocapikk
Path: multi/http/spip_porte_plume_previsu_rce


Description: Adds a new exploit/multi/http/spip_porte_plume_previsu_rce SPIP unauthenticated remote code execution (RCE) module targeting SPIP versions up to and including 4.2.12.


DIAEnergie SQL Injection (CVE-2024-4548)


Authors: Michael Heinzl and Tenable
Type: Exploit
Pull request: #19351 contributed by h4x-x0r
Path: windows/scada/diaenergie_sqli
AttackerKB reference: CVE-2024-4548


Description: This adds an exploit module for CVE-2024-4548, an unauthenticated SQL injection vulnerability that allows remote code execution as NT AUTHORITYSYSTEM.


Bugs fixed (1)


#19366 from adeherdt-r7 - Updates the Jenkins login scanner to correctly determine whether authentication is required.

..

Support the originator by clicking the read the rest link below.

metasploit weekly
Read The Rest from the original source
blog.rapid7.com

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!