CVE-2024-27348

This exploit leverages a Gremlin query injection vulnerability in Apache HugeGraph Server to execute arbitrary commands, resulting in a reverse shell. The payload manipulates Java reflection to spawn a ProcessBuilder with a bash reverse shell command.

This repository contains a Python-based scanner and exploit for CVE-2024-27348, an RCE vulnerability in Apache HugeGraph server versions 1.0.0 to 1.3.0. The exploit leverages Gremlin query injection to execute arbitrary commands (ping, curl, wget, host) via Java reflection.

This is a functional proof-of-concept exploit for CVE-2024-27348, demonstrating unauthenticated remote code execution in Apache HugeGraph Server via Groovy injection. The exploit sends crafted JSON payloads to the '/gremlin' endpoint, leveraging reflection to execute arbitrary OS commands.

This repository contains a functional proof-of-concept exploit for CVE-2024-27348, a critical RCE vulnerability in Apache HugeGraph Server. The exploit leverages Gremlin traversal language to bypass sandbox restrictions and execute arbitrary commands via Java reflection.

This repository contains a functional exploit for CVE-2024-27348, targeting Apache HugeGraph Server. The exploit leverages Java Reflection to bypass the HugeSecurityManager sandbox and executes arbitrary commands via ProcessBuilder, providing reliable RCE with output capture.

This repository contains a functional exploit for CVE-2024-27348, targeting Apache Huge-Graph-Server via Gremlin query injection to deploy a PHP web shell. It includes both an exploit script and a bind shell client for interactive command execution.

This repository contains a functional proof-of-concept exploit for CVE-2024-27348, a remote code execution vulnerability in Apache HugeGraph Server. The exploit leverages Gremlin query injection to execute arbitrary commands on the target system via Java reflection.

This repository contains functional exploit code for CVE-2024-27348, targeting Apache Huge-Graph-Server via Gremlin query injection to achieve remote code execution. It includes both an exploit script to deploy a PHP web shell and a bind shell client for interaction.

This Metasploit module exploits CVE-2024-27348, a Remote Code Execution (RCE) vulnerability in Apache HugeGraph Server versions before 1.3.0. It bypasses sandbox restrictions via Gremlin to execute arbitrary commands on the target system.