.. / CVE-2024-23692

Exploit for Rejetto HTTP File Server 2.x - Unauthenticated Remote Code Execution (CVE-2024-23692)

Description:

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

View the template here CVE-2024-23692.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-23692.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-23692
https://github.com/rapid7/metasploit-framework/pull/19240
https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/