This Metasploit module exploits a remote command execution vulnerability in Apache Struts version between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.