8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
Metasploit contributor h00die added a new module that exploits CVE-2020-6010, an authenticated SQL injection vulnerability in the WordPress LearnPress plugin. When a user is logged in with contributor
privileges or higher, the id
parameter can be used to inject arbitrary code through an SQL
query. This exploit can be used to collect usernames and password hashes. The responsible code is located in learnpress/inc/admin/lp-admin-functions.php
at line 1690
. The vulnerability affects plugin versions v3.2.6.7
and prior.
In addition to new exploit modules, Metasploit releases include a number of enhancements and bug fixes. This week we would like to highlight a few key enhancements that improve usability. Contributor pingport80 added support for easy reading of binary files from target systems compromised through a PowerShell session. Our very own sjanusz-r7 added a default payload option to the postgres_payload
module so that payloads update correctly when changing target systems. An enhancement made by our own gwillcox-r7 extends Windows process lib injection beyond just notepad.exe
. The logic now selects from a random list that can be updated in the future. We appreciate all the contributions that make Metasploit more robust and easier to use.
v3.2.6.8
.readable?
and read_file
functions provided by the Post::File
API.postgres_payload
exploit modules to specify a valid default PAYLOAD option when changing target architecturesauxiliary/scanner/http/wordpress_scanner
SSLVersion
datastore option, ensuring compatibility with a range of targets old and new.As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P