diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 8de2e46aa023..75e6d5ce53da 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -69585,6 +69585,69 @@ "session_types": false, "needs_cleanup": null }, + "exploit_linux/http/opentsdb_key_cmd_injection": { + "name": "OpenTSDB 2.4.1 unauthenticated command injection", + "fullname": "exploit/linux/http/opentsdb_key_cmd_injection", + "aliases": [ + + ], + "rank": 600, + "disclosure_date": "2023-07-01", + "type": "exploit", + "author": [ + "Gal Goldstein", + "Daniel Abeles", + "Erik Wynter" + ], + "description": "This module exploits an unauthenticated command injection\n vulnerability in the key parameter in OpenTSDB through\n 2.4.1 (CVE-2023-36812/CVE-2023-25826) in order to achieve\n unauthenticated remote code execution as the root user.\n\n The module first attempts to obtain the OpenTSDB version via\n the api. If the version is 2.4.1 or lower, the module\n performs additional checks to obtain the configured metrics\n and aggregators. It then randomly selects one metric and one\n aggregator and uses those to instruct the target server to\n plot a graph. As part of this request, the key parameter is\n set to the payload, which will then be executed by the target\n if the latter is vulnerable.\n\n This module has been successfully tested against OpenTSDB\n version 2.4.1.", + "references": [ + "URL-https://github.com/OpenTSDB/opentsdb/security/advisories/GHSA-76f7-9v52-v2fw", + "CVE-2023-36812", + "CVE-2023-25826" + ], + "platform": "Linux", + "arch": "ARCH_CMD", + "rport": 4242, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": [ + "Linux" + ], + "mod_time": "2023-09-07 17:29:16 +0000", + "path": "/modules/exploits/linux/http/opentsdb_key_cmd_injection.rb", + "is_install_path": true, + "ref_name": "linux/http/opentsdb_key_cmd_injection", + "check": true, + "post_auth": false, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "SideEffects": [ + "artifacts-on-disk", + "ioc-in-logs" + ], + "Reliability": 
[ + "repeatable-session" + ] + }, + "session_types": false, + "needs_cleanup": null + }, "exploit_linux/http/opentsdb_yrange_cmd_injection": { "name": "OpenTSDB 2.4.0 unauthenticated command injection", "fullname": "exploit/linux/http/opentsdb_yrange_cmd_injection",