
CVE-2024-27348 PoC — Apache HugeGraph-Server: Command execution in gremlin

Associated Vulnerability
Title: Apache HugeGraph-Server: Command execution in gremlin (CVE-2024-27348)
Description: RCE (Remote Command Execution) vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server from 1.0.0 before 1.3.0 on Java 8 and Java 11. Users are recommended to upgrade to version 1.3.0 with Java 11 and enable the Auth system, which fixes the issue.
Description
This is a repository for the Apache HugeGraph Remote Code Execution vulnerability (CVE-2024-27348).
Readme
# CVE-2024-27348
This is a repository for the Apache HugeGraph Remote Code Execution vulnerability (CVE-2024-27348).
# Docker
```
docker pull hugegraph/hugegraph:1.0.0
docker run -it --name hgserver -p 8081:8080 hugegraph/hugegraph:1.0.0
```
# docker-compose.yml
```
services:
  web:
    image: vulhub/hugegraph:1.2.0
    ports:
      - "8080:8080"
      - "5005:5005"
```
```
docker compose up -d
# then visit: http://your_ip:8080
```
# exploit
```
python .\CVE-2024-27348.py -t http://192.168.41.163:8080 -c "id"
```
![picture](./picture.png)
# about
For the full write-up, see:
```
https://www.vicarius.io/vsociety/posts/remote-code-execution-vulnerability-in-apache-hugegraph-server-cve-2024-27348
```
File Snapshot

```
[4.0K] /data/pocs/254513426646cbd7ef39066310aa5bd179e1d524
├── [3.5K] CVE-2024-27348.py
├── [ 42K] picture.png
└── [ 703] README.md

0 directories, 3 files
```