This Metasploit module exploits the mishandling of a password reset in JSON for Strapi CMS version 3.0.0-beta.17.4 to change the password of a privileged user.
4ac993e145c27d7ed64c4f6e44f4afc8411b55cf2ca926dd259851fb7f0b8399
Strapi version 3.0.0-beta set password authentication bypass exploit.
e401d2d526abb18e08643bed89404964079613a0b0f8ea391d5e5598331a2cbb
Strapi CMS version 3.0.0-beta.17.4 authenticated remote code execution exploit.
eb8542fb58263a7355906f031b2beea938e879118461896e82c8ef5965181f72