CVE-2024-22120
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
Github link:
https://github.com/isPique/CVE-2024-22120-RCE-with-gopher
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
Github link:
https://github.com/isPique/CVE-2024-22120-RCE-with-gopher
GitHub
GitHub - isPique/CVE-2024-22120-RCE-with-gopher: This is my exploit for CVE-2024-22120, which involves an SSRF vulnerability inside…
This is my exploit for CVE-2024-22120, which involves an SSRF vulnerability inside an XXE with a Gopher payload. - isPique/CVE-2024-22120-RCE-with-gopher
CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/jrbH4CK/CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/jrbH4CK/CVE-2024-27198
GitHub
GitHub - jrbH4CK/CVE-2024-27198: PoC about CVE-2024-27198
PoC about CVE-2024-27198. Contribute to jrbH4CK/CVE-2024-27198 development by creating an account on GitHub.
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/bughuntar/CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/bughuntar/CVE-2024-4577
GitHub
GitHub - bughuntar/CVE-2024-4577: CVE-2024-4577 Exploits
CVE-2024-4577 Exploits. Contribute to bughuntar/CVE-2024-4577 development by creating an account on GitHub.