
Exploit for FleetCart 4.1.1 - Information Disclosure (CVE-2024-5230)

Description:

FleetCart 4.1.1 discloses information in its redirect responses. Accessing the majority of the website’s pages exposes sensitive data, including the Razorpay “razorpayKeyId”.
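To check your own deployment for this behaviour from saved responses (for example a proxy capture taken before and after patching), the following added example flags a redirect response whose body still carries the key field. It is not part of the original page or the Nuclei template; the sample responses, the key value and the helper names are constructed for illustration.

```python
import http.client
import io

MARKER = b"razorpayKeyId"              # field name quoted in the advisory
REDIRECTS = {301, 302, 303, 307, 308}


class _FakeSocket:
    """Lets http.client parse bytes that were captured earlier."""
    def __init__(self, raw):
        self._file = io.BytesIO(raw)

    def makefile(self, *args, **kwargs):
        return self._file


def check_redirect_leak(raw):
    """Parse one raw HTTP response and report whether a redirect leaks the marker."""
    resp = http.client.HTTPResponse(_FakeSocket(raw))
    resp.begin()                       # status line and headers
    body = resp.read()                 # honours Content-Length and chunked encoding
    is_redirect = resp.status in REDIRECTS
    return {
        "status": resp.status,
        "location": resp.getheader("Location"),
        "body_bytes": len(body),
        "leak": is_redirect and MARKER in body,
    }


def build_response(status_line, body, location=None):
    """Hypothetical helper: assemble a constructed sample response."""
    head = f"HTTP/1.1 {status_line}\r\nContent-Type: text/html\r\n"
    if location:
        head += f"Location: {location}\r\n"
    head += f"Content-Length: {len(body)}\r\n\r\n"
    return head.encode() + body


# Constructed samples, not captured from a real site.
PAGE = b'<script>var cfg = {"razorpayKeyId": "rzp_test_CONSTRUCTED"};</script>'
SAMPLE_LEAKY = build_response("302 Found", PAGE, "/login")   # redirect with full page body
SAMPLE_CLEAN = build_response("302 Found", b"", "/login")    # redirect with empty body
SAMPLE_PAGE = build_response("200 OK", PAGE)                 # normal page, not a redirect

if __name__ == "__main__":
    for name, raw in [("leaky", SAMPLE_LEAKY), ("clean", SAMPLE_CLEAN), ("page", SAMPLE_PAGE)]:
        print(name, check_redirect_leak(raw))
```

A redirect only needs its `Location` header, so a non-zero `body_bytes` on a 3xx response is worth reviewing even when the marker is absent.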

Nuclei Template

View the template here: CVE-2024-5230.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-5230.yaml

References:

https://codecanyon.net/item/fleetcart-laravel-ecommerce-system/23014826
https://vuldb.com/?id.265981
https://nvd.nist.gov/vuln/detail/CVE-2024-5230
https://vuldb.com/?ctiid.265981
https://packetstormsecurity.com/files/178770/FleetCart-4.1.1-Information-Disclosure.html