Exploit for SpiderFlow Crawler Platform 0.4.3 - Remote Code Execution (CVE-2024-0195)

Description:

A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.

Affected Products:

Proof of Concept

PoC exploits

Nuclei Template

View the template here CVE-2024-0195.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-0195.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-0195
https://github.com/Shelter1234/VulneraLab/blob/main/SpiderFlow/CVE-2024-0195/README.zh-cn.md
https://vuldb.com/?id.249510
https://vuldb.com/?ctiid.249510
https://github.com/Tropinene/Yscanner