A simple Python proof of concept for CVE-2021-38295.
[LINK TO BLOG]
Usage: cve-xxxx <host> <db> <user:pass>
Simply supply the script with a host, a database which your creds have access too, and the username password pair. If everything works, you'll get a URL which links to the malicious attachment.