CVE-2023-0297

CRITICAL EXPLOITED NUCLEI

pyLoad js2py Python Execution

Title source: metasploit

Description

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

Exploits (9)

exploitdb WORKING POC VERIFIED
by Gabriel Lima · python webapps python
https://www.exploit-db.com/exploits/51532
nomisec WORKING POC 28 stars
by bAuh0lz · remote
https://github.com/bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad
nomisec WORKING POC 11 stars
by JacobEbben · remote
https://github.com/JacobEbben/CVE-2023-0297
nomisec WORKING POC 2 stars
by Small-ears · remote
https://github.com/Small-ears/CVE-2023-0297
nomisec WORKING POC 1 star
by overgrowncarrot1 · remote
https://github.com/overgrowncarrot1/CVE-2023-0297
nomisec WORKING POC
by S4MY9 · remote
https://github.com/S4MY9/CVE-2023-0297
nomisec NO CODE
by btar1gan · remote
https://github.com/btar1gan/exploit_CVE-2023-0297
nomisec WORKING POC
by hazeyez · poc
https://github.com/hazeyez/CVE-2023-0297
metasploit WORKING POC EXCELLENT
by Spencer McIntyre, bAu · ruby poc unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pyload_js2py_exec.rb

Nuclei Templates (1)

PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
CRITICAL VERIFIED by MrHarshvardhan, DhiyaneshDk
Shodan: html:"pyload" || http.title:"login - pyload" || http.html:"pyload" || http.title:"pyload"
FOFA: title="login - pyload" || body="pyload" || title="pyload"

Scores

CVSS v3 9.8
EPSS 0.9402
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-01-22
CWE CWE-94
Status published
Products (2)
pyload/pyload < 0.4.20
pypi/pyload-ng 0 - 0.5.0b3.dev31 PyPI
Published Jan 14, 2023
Tracked Since Feb 18, 2026