CVE-2024-27292

HIGH EXPLOITED NUCLEI

Docassemble - Local File Inclusion

Title source: nuclei

Exploitation Summary

CVE-2024-27292 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including th3gokul, NingXin2002. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Python-based tool for detecting and exploiting CVE-2024-27292, an unauthenticated path traversal vulnerability in Docassemble V1.4.96. The tool sends HTTP requests to the target URL with a path traversal payload to read sensitive files like /etc/passwd.

Description

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.

Exploits (2)

nomisec WORKING POC 7 stars

by th3gokul · infoleak

https://github.com/th3gokul/CVE-2024-27292

View Code ZIP pw:eip

This repository contains a Python-based tool for detecting and exploiting CVE-2024-27292, an unauthenticated path traversal vulnerability in Docassemble V1.4.96. The tool sends HTTP requests to the target URL with a path traversal payload to read sensitive files like /etc/passwd.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Docassemble V1.4.96

No auth needed

Prerequisites: Network access to the target Docassemble instance

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 3 stars

by NingXin2002 · infoleak

https://github.com/NingXin2002/Docassemble_poc

View Code ZIP pw:eip

This PoC exploits CVE-2024-27292, an arbitrary file read vulnerability in Docassemble. It sends a crafted request to read /etc/passwd and checks for the presence of 'root' in the response to confirm vulnerability.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Docassemble (version not specified)

No auth needed

Prerequisites: Network access to the target Docassemble instance

MITRE ATT&CK

T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Docassemble - Local File Inclusion

HIGHVERIFIEDby johnk3r

Shodan: http.title:"docassemble"

FOFA: icon_hash="-575790689"

References (2)

Core 2

Core References

Third Party Advisory x_refsource_confirm

https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv

Patch x_refsource_misc

https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.9386

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2025-06-07

CWE

CWE-706

Status published

Products (3)

jhpyle/docassemble 1.4.53 - 1.4.97

pypi/docassemble.base 1.4.53 - 1.4.97PyPI

pypi/docassemble.webapp 1.4.53 - 1.4.97PyPI

Published Mar 21, 2024

Tracked Since Feb 18, 2026