CVE-2024-27348
CVE-2024-27348 copied to clipboard
Published
20 hours ago β’
kljunowsky
kljunowsky
Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit
CVE-2024-27348 πͺΆ
CVE-2024-27348 Proof of concept Exploit RCE in Apache HugeGraph Server
Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph Server.
Usage π
Exploit multiple targets β£οΈ
python3 CVE-2024-27348.py -f targets.txt -c "command to execute"
Exploit single target π‘
python3 CVE-2024-27348.py -t http://target.tld:8080 -c "command to execute"
Parameters π§°
| Parameter | Description | Type |
|---|---|---|
| -c/--comand | Command to execute on target | String |
| -t/--target | URL, Single target | String |
| -f/--file | Multiple targets | File |
Contact Meπ
Educational purposes only and cannot be used for law violation or personal gain.
The author of this project is not responsible for any possible harm caused by the materials of this project.
Metadata
15
Stars
7
Forks
Watchers
Owner
kljunowsky
Metadata
Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit