Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-24656. PoCs published by terzinodipaese.
AI-analyzed exploit summary: This repository contains a writeup in Italian about the Maltego vulnerability CVE-2020-24656, which involves an XXE injection attack for data exfiltration. The README describes the project but does not include exploit code or technical details.
Description
Maltego before 4.2.12 allows XXE attacks.
Exploits (1)
nomisec
WRITEUP
by terzinodipaese · poc
https://github.com/terzinodipaese/Internet-Security-Project
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target:
Maltego (version not specified)
No auth needed
Prerequisites:
Access to a vulnerable Maltego instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (2)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.maltego.com/changelog/
Exploit, Third Party Advisory x_refsource_misc
https://www.hackersforchange.com/post/maltego-cve-2020-24656-analysis
Scores
CVSS v3
6.5
EPSS
0.0074
EPSS Percentile
73.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
maltego/maltego
< 4.2.12
Published
Aug 26, 2020
Tracked Since
Feb 18, 2026