rapid7blog | Navya Harika Karaka | RAPID7BLOG:8E0155199A75F3317270C7CB3F87BA64
Jul 14, 2023 - 7:48 p.m.

Metasploit Weekly Wrap-Up

2023-07-14 19:48:02
Navya Harika Karaka
blog.rapid7.com
wordpress plugin woocommerce payments
authentication bypass
command injection
smartertools smartermail
cve-2023-28121
cve-2023-27253
cve-2019-7214
metasploit
h00die
emir polat
ismail e. dawoodjee
soroush dalili

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.938 High
Percentile: 98.7%

Authentication bypass in WordPress Plugin WooCommerce Payments

This week’s Metasploit release includes a module for CVE-2023-28121 by h00die. The module can be used against any WordPress instance that uses WooCommerce Payments < 5.6.1. It exploits an authentication bypass vulnerability in the WooCommerce WordPress plugin: adding a header to the request executes the bypass, and the API can then be used to create a new admin user in WordPress.

New module content (3)

Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation

Authors: Julien Ahrens, Michael Mazzolini, and h00die
Type: Auxiliary
Pull request: #18164 contributed by h00die
AttackerKB reference: CVE-2023-28121

Description: This module exploits an authentication bypass vulnerability in the WooCommerce WordPress plugin. By sending a specially crafted request to the plugin, an attacker can bypass authentication and then use the WordPress API to create an admin user in WordPress.

pfSense Restore RRD Data Command Injection

Author: Emir Polat
Type: Exploit
Pull request: #17861 contributed by emirpolatt
AttackerKB reference: CVE-2023-27253

Description: This module exploits a vulnerability in pfSense version 2.6.0 and below which allows authenticated users to execute arbitrary operating system commands as root.

SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution

Authors: 1F98D, Ismail E. Dawoodjee, and Soroush Dalili
Type: Exploit
Pull request: #18170 contributed by ismaildawoodjee
AttackerKB reference: CVE-2019-7214

Description: Adds a new module for SmarterMail Build 6985 - dotNET Deserialization Remote Code Execution (CVE-2019-7214). The vulnerability affects SmarterTools SmarterMail Version less than or equal to 16.3.6989.16341 (all legacy versions without a build number), or SmarterTools SmarterMail Build less than 6985.

Enhancements and features (0)

None

Bugs fixed (0)

None

Documentation added (2)

  • #18177 from ismaildawoodjee - Updates the Wiki to use https://metasploit.com/download instead of http://metasploit.com/download.
  • #18181 from hahwul - Updates broken links in the Wiki.

You can always find more documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).
