.. / CVE-2023-2479

Exploit for Appium Desktop Server - Remote Code Execution (CVE-2023-2479)

Description:

OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.

Nuclei Template

View the template here CVE-2023-2479.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-2479.yaml
Copy

References:

https://github.com/Marco-zcl/POC
https://huntr.dev/bounties/fbdeec3c-d197-4a68-a547-7f93fb9594b4/
https://github.com/d4n-sec/d4n-sec.github.io
https://nvd.nist.gov/vuln/detail/CVE-2023-2479
https://github.com/appium/appium-desktop/commit/12a988aa08b9822e97056a09486c9bebb3aad8fe