.. / CVE-2024-29824

Exploit for Ivanti EPM - Unauthenticated SQL Injection (CVE-2024-29824)

Description:

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

View the template here CVE-2024-29824.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-29824.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-29824
https://github.com/horizon3ai/CVE-2024-29824
https://forums.ivanti.com/s/article/Security-Advisory-May-2024
https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/