Epic Release! This week's release includes 5 new modules, 6 enhancements, 4 fixes and 1 documentation update. Among the new additions, we have an account take over, SQL injection, RCE, and LPE! Thank you to all the contributors who made it possible! New Module Content (5) Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419) Authors: Michael Heinzl and Mohammed Adel Type: Auxiliary Pull request: #19375 contributed by h4x-x0r Path: admin/http/cisco_ssm_onprem_account AttackerKB reference: CVE-2024-20419 Description: This is a new module which exploits an account takeover vulnerability in Cisco Smart Software Manager (SSM) On-Prem <= 8-202206, by changing the password of the admin user to one that is attacker-controlled. WhatsUp Gold SQL Injection (CVE-2024-6670) Authors: Michael Heinzl and Sina Kheirkhah ( <Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)> Type: Auxiliary Pull request: #19436 contributed by h4x-x0r Path: admin/http/whatsup_gold_sqli CVE reference: ZDI-24-1185 Description: This is a new module which exploits a SQL injection vulnerability in WhatsUp Gold versions before v24.0.0. Successful exploitation allows an unauthenticated remote attacker to change the password of the admin user. Vicidial SQL Injection Time-based Admin Credentials Enumeration Authors: Jaggar Henry of KoreLogic, Inc. and Valentin Lobstein Type: Auxiliary Pull request: #19453 contributed by Chocapikk Path: scanner/http/vicidial_sql_enum_users_pass…Read More