CVE-2024-30851

MEDIUM

Jasmin Ransomware Web Server Unauthenticated SQL Injection

Title source: metasploit

Description

Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.

Exploits (3)

nomisec WORKING POC 21 stars

by chebuya · poc

https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc

View Code ZIP pw:eip

metasploit WORKING POC

by chebuya, h00die · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/jasmin_ransomware_sqli.rb

View Code ZIP pw:eip

metasploit WORKING POC

by chebuya, h00die · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/jasmin_ransomware_dir_traversal.rb

View Code ZIP pw:eip

References (2)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc

[Product] https://github.com/codesiddhant/Jasmin-Ransomware

Scores

CVSS v3 6.5

EPSS 0.6917

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-22

Status published

Products (1)

codesiddhant/jasmin-ransomware 1.0.1

Published May 03, 2024

Tracked Since Feb 18, 2026