2 matches found
CVE-2019-5624
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level...
CVE-2019-5624
CVE-2019-5624 affects Rapid7 Metasploit Framework up to version 4.14.0, due to an instance of CWE-22 (Path Traversal) in the Zip import routine. The underlying issue allows an attacker to execute arbitrary code at the privilege level of the user running Metasploit by importing crafted zip data. C...