CVE-2024-27348 PoC — Apache HugeGraph-Server: Command execution in gremlin

Source

Associated Vulnerability

Description

Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit  

Readme

# CVE-2024-27348 🪶

CVE-2024-27348 Proof of concept Exploit RCE in Apache HugeGraph Server

Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph Server. 


## Usage 🛠 

Exploit multiple targets ☣️
```
python3 CVE-2024-27348.py -f targets.txt -c "command to execute"
```

Exploit single target 🗡
```
python3 CVE-2024-27348.py -t http://target.tld:8080 -c "command to execute"
```

## Parameters 🧰 

Parameter | Description | Type
------------ | ------------- | -------------
-c/--comand |  Command to execute on target | String
-t/--target | URL, Single target  | String
-f/--file | Multiple targets | File


## Contact Me📇

[Twitter - Milan Jovic](https://twitter.com/milanshiftsec)

[LinkedIn - Milan Jovic](https://www.linkedin.com/in/milan-jovic-sec/)

#### Educational purposes only and cannot be used for law violation or personal gain.
#### The author of this project is not responsible for any possible harm caused by the materials of this project.

File Snapshot

 [4.0K]  /data/pocs/10f3a83518dee009acf7e138d57d0d0a2eb9f283
├── [3.3K]  CVE-2024-27348.py
├── [1.0K]  LICENSE
├── [1010]  README.md
└── [  18]  requirements.txt

0 directories, 4 files

Remarks