Skip to content
/ CVE-2024-27348 Public

Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit

License

MIT license
14 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kljunowsky/CVE-2024-27348

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
CVE-2024-27348.py
CVE-2024-27348.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CVE-2024-27348 🪶

CVE-2024-27348 Proof of concept Exploit RCE in Apache HugeGraph Server

Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph Server.

Usage 🛠

Exploit multiple targets ☣️

python3 CVE-2024-27348.py -f targets.txt -c "command to execute"

Exploit single target 🗡

python3 CVE-2024-27348.py -t http://target.tld:8080 -c "command to execute"

Parameters 🧰

Parameter Description Type
-c/--comand Command to execute on target String
-t/--target URL, Single target String
-f/--file Multiple targets File

Contact Me📇

Twitter - Milan Jovic

LinkedIn - Milan Jovic

Educational purposes only and cannot be used for law violation or personal gain.

The author of this project is not responsible for any possible harm caused by the materials of this project.

About

Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit

Topics

security hack exploit malware apache rce application-security bugbounty hacking-tool zero-day web-application-security unauthenticated penetration-testing-tools bugbountytips bugbounty-tool platform-security zero-day-exploit cve-2024-27348 hugehraph one-day-exploit

Resources

Readme

License

MIT license
Activity

Stars

14 stars

Watchers

1 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages