From 852bb8bfe29ddced7432e58557982d9fb83898d2 Mon Sep 17 00:00:00 2001
From: jenkins-metasploit
Date: Fri, 13 Dec 2024 02:25:39 +0000
Subject: [PATCH] automatic module_metadata_base.json update
---
db/modules_metadata_base.json | 64 +++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 95c0975c843b..8b95aae87260 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -117922,6 +117922,70 @@ "session_types": false, "needs_cleanup": true }, + "exploit_multi/http/wp_time_capsule_file_upload_rce": { + "name": "WordPress WP Time Capsule Arbitrary File Upload to RCE", + "fullname": "exploit/multi/http/wp_time_capsule_file_upload_rce", + "aliases": [ + + ], + "rank": 600, + "disclosure_date": "2024-11-15", + "type": "exploit", + "author": [ + "Valentin Lobstein", + "Rein Daelman" + ], + "description": "This module exploits an arbitrary file upload vulnerability in the WordPress WP Time Capsule plugin\n (versions <= 1.22.21). The vulnerability allows uploading a malicious PHP file to achieve remote\n code execution (RCE).\n\n The validation logic in the vulnerable function improperly checks for allowed extensions.\n If no valid extension is found, the check can be bypassed by using a filename of specific length\n (e.g., \"00.php\") matching the length of allowed extensions like \".crypt\".", + "references": [ + "CVE-2024-8856", + "URL-https://hacked.be/posts/CVE-2024-8856", + "URL-https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-time-capsule/backup-and-staging-by-wp-time-capsule-12221-unauthenticated-arbitrary-file-upload" + ], + "platform": "Linux,PHP,Unix,Windows", + "arch": "php, cmd", + "rport": 80, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": [ + "PHP In-Memory", + "Unix/Linux Command Shell", + "Windows Command Shell" + ], + "mod_time": "2024-12-12 18:04:10 +0000", + "path": "/modules/exploits/multi/http/wp_time_capsule_file_upload_rce.rb", + "is_install_path": true, + "ref_name": "multi/http/wp_time_capsule_file_upload_rce", + "check": true, + "post_auth": false, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "SideEffects": [ + "artifacts-on-disk", + "ioc-in-logs" + ], + "Reliability": [ + "repeatable-session" + ] + }, + "session_types": false, + 
"needs_cleanup": true + }, "exploit_multi/http/wso2_file_upload_rce": { "name": "WSO2 Arbitrary File Upload to RCE", "fullname": "exploit/multi/http/wso2_file_upload_rce",