Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-24716 PoC — Path traversal in Icinga Web 2

Source
https://github.com/antisecc/CVE-2022-24716
Associated Vulnerability
Title:Path traversal in Icinga Web 2 (CVE-2022-24716)
Description:Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
Readme
# CVE-2022-24716

Icinga Web 2 is a software application that monitors computer systems and networks. It has a web interface that allows users to view and manage system resources. However, there is a vulnerability in Icinga Web 2 that allows unauthenticated users to access files on the system that are accessible to the web server user. This includes configuration files for Icinga Web 2 that contain database credentials. This vulnerability has been fixed in versions 2.9.6 and 2.10 of Icinga Web 2. However, if you are using an older version, you should upgrade to a newer version and rotate your database credentials.
File Snapshot

 [4.0K]  /data/pocs/e54b56df2e52116902694e5c83ca58234089162e
├── [1.6K]  CVE-2022-24716..py
└── [ 622]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →