automatic module_metadata_base.json update

Author: jenkins-metasploit

db/modules_metadata_base.json

@@ -24716,6 +24716,60 @@
       }
     ]
   },
+  "auxiliary_gather/listmonk_env_disclosure": {
+    "name": "Listmonk Insecure Sprig Template Functions Environment Disclosure",
+    "fullname": "auxiliary/gather/listmonk_env_disclosure",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": "2025-06-08",
+    "type": "auxiliary",
+    "author": [
+      "Tarek Nakkouch"
+    ],
+    "description": "This module exploits insecure Sprig template functions in Listmonk\n          versions prior to v5.0.2. The env and expandenv functions are enabled\n          by default, allowing authenticated users with campaign permissions to\n          extract sensitive environment variables via campaign preview.",
+    "references": [
+      "CVE-2025-49136",
+      "URL-https://github.com/knadh/listmonk/security/advisories/GHSA-jc7g-x28f-3v3h"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 9000,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": null,
+    "mod_time": "2025-10-08 21:02:24 +0000",
+    "path": "/modules/auxiliary/gather/listmonk_env_disclosure.rb",
+    "is_install_path": true,
+    "ref_name": "gather/listmonk_env_disclosure",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ],
+      "Reliability": []
+    },
+    "session_types": false,
+    "needs_cleanup": false,
+    "actions": []
+  },
   "auxiliary_gather/magento_xxe_cve_2024_34102": {
     "name": "Magento XXE Unserialize Arbitrary File Read",
     "fullname": "auxiliary/gather/magento_xxe_cve_2024_34102",