Pymetasploit3
Monthly
Command injection in pymetasploit3 Python library (versions ≤1.0.6) allows unauthenticated remote attackers to execute arbitrary Metasploit console commands by injecting newline characters into module options like RHOSTS. With a critical CVSS 9.3 score and no public exploit identified at time of analysis, this vulnerability poses significant risk to environments using this library for automated penetration testing workflows. The flaw enables attackers to break command structure in console.run_module_with_output() calls, potentially manipulating Metasploit sessions and executing unintended security operations.
Command injection in pymetasploit3 Python library (versions ≤1.0.6) allows unauthenticated remote attackers to execute arbitrary Metasploit console commands by injecting newline characters into module options like RHOSTS. With a critical CVSS 9.3 score and no public exploit identified at time of analysis, this vulnerability poses significant risk to environments using this library for automated penetration testing workflows. The flaw enables attackers to break command structure in console.run_module_with_output() calls, potentially manipulating Metasploit sessions and executing unintended security operations.