A proof of concept of CVE-2023-38646, a Metabase exploit that allows user to do Remote Code Execution utilizing the setup token found in /api/session/properties to send a payload encoded in base64
./MetabaseRCE_CVE-2023-38646 -u [target url] -t [target token] -c [command]